logo

CWE-456 - Missing Initialization of a Variable

  • Abstraction:Variant
  • Structure:Simple
  • Status:Draft
  • Release Date:2006-07-19
  • Latest Modification Date:2023-06-29

Weakness Name

Missing Initialization of a Variable

Description

The product does not initialize critical variables, which causes the execution environment to use unexpected values.

Common Consequences

Scope: Integrity, Other

Impact: Unexpected State, Quality Degradation, Varies by Context

Notes: The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem.

Related Weaknesses

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')High

CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')High

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')High

CWE-457Use of Uninitialized VariableHigh

CWE-665Improper InitializationMedium

CWE-909Missing Initialization of ResourceMedium