logo

CWE-908 - Use of Uninitialized Resource

CWE-908 Medium

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Use of Uninitialized Resource

Description

The product uses or accesses a resource that has not been initialized.

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

Common Consequences

Scope: Confidentiality

Impact: Read Memory, Read Application Data

Notes: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.

Related Weaknesses
  • Release Date:
  • 2013-02-21
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website