CWE-908 - Use of Uninitialized Resource

CWE-908 Medium

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Use of Uninitialized Resource

Description: The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

Common Consequences: Scope: Confidentiality
Impact: Read Memory, Read Application Data
Notes: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.

Related Weaknesses: CWE-665Improper InitializationMedium

Release Date:
2013-02-21

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard