CWE-665Improper Initialization

PUBLISHEDweakness recordMedium
released 2008-04-11 · last modified 2026-04-30

Metadata

CWE ID:
CWE-665
摘要:
Class
结构:
Simple
状态:
Draft
发布日期:
2008-04-11
更新日期:
2026-04-30

名称

Improper Initialization

描述

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.

常见后果

范围:
Confidentiality
影响:
Read Memory, Read Application Data
注释:
When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
范围:
Access Control
影响:
Bypass Protection Mechanism
注释:
If security-critical decisions rely on a variable having a "0" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur.
范围:
Availability
影响:
DoS: Crash, Exit, or Restart
注释:
The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a crash or an exit in other environments.

相关 CWE