CWE-456 - Missing Initialization of a Variable

CWE ID:

CWE-456

Abstraction:Variant
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-06-29

Weakness Name

Missing Initialization of a Variable

Description

The product does not initialize critical variables, which causes the execution environment to use unexpected values.

Common Consequences

Scope: Integrity, Other

Impact: Unexpected State, Quality Degradation, Varies by Context

Notes: The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem.

Related Weaknesses

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')High

CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')High

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')High

CWE-457Use of Uninitialized VariableHigh

CWE-665Improper InitializationMedium

CWE-909Missing Initialization of ResourceMedium

Top Security News

Top CVE List

Common Alerts

InformationalGraphQL Endpoint Supports Introspection
HighCross-Domain Misconfiguration - Adobe - Read
InformationalNon-Storable Content
LowCookie without SameSite Attribute
InformationalSec-Fetch-User Header is Missing
HighPath Traversal
InformationalHTTP Parameter Pollution
InformationalUser Controllable HTML Element Attribute (Potential XSS)
HighExternal Redirect
HighAccess Control Issue - Improper Authorization

Top CWE List