CWE-908 - Use of Uninitialized Resource
CWE-908 Medium
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Use of Uninitialized Resource
- Description
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
- Common Consequences
Scope: Confidentiality
Impact: Read Memory, Read Application Data
Notes: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.
- Related Weaknesses
- Release Date:
- 2013-02-21
- Latest Modification Date:
- 2023-06-29
Free security scan for your website