CWE-908β€”Use of Uninitialized Resource

PUBLISHEDweakness recordMedium
released 2013-02-21 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-908
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2013-02-21
Latest Modification Date:
2025-12-11

Weakness Name

Use of Uninitialized Resource

Description

The product uses or accesses a resource that has not been initialized.

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

Common Consequences

Scope:
Confidentiality
Impact:
Read Memory, Read Application Data
Notes:
When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart
Notes:
The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.

Related Weaknesses