CWE-456 - Missing Initialization of a Variable

CWE-456

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Missing Initialization of a Variable

Description: The product does not initialize critical variables, which causes the execution environment to use unexpected values.

Common Consequences: Scope: Integrity, Other
Impact: Unexpected State, Quality Degradation, Varies by Context
Notes: The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem.

Related Weaknesses

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')High

CWE-665Improper InitializationMedium

CWE-909Missing Initialization of ResourceMedium

CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')High

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')High

CWE-457Use of Uninitialized VariableHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard