CWE-457: Use of Uninitialized Variable
ID
CWE-457
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
62
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.
Modes of Introduction
Phase | Note |
---|---|
Implementation | In C, using an uninitialized char * in some string libraries will return incorrect results, as the libraries expect the null terminator to always be at the end of a string, even if the string is empty. |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | C | ||
Language | C++ | ||
Language | Perl | ||
Language | PHP | ||
Language | Not Language-Specific |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-908 | Use of Uninitialized Resource | Base | Simple | Incomplete | |
CWE-1305 | CISQ Quality Measures (2020) | Incomplete | CWE-665 | Improper Initialization | Class | Simple | Draft | |
CWE-1340 | CISQ Data Protection Measures | Incomplete | CWE-665 | Improper Initialization | Class | Simple | Draft |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...