CWE-908βUse of Uninitialized Resource
PUBLISHEDweakness recordMedium
released 2013-02-21 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-908
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2013-02-21
- Latest Modification Date:
- 2025-12-11
Weakness Name
Use of Uninitialized Resource
Description
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Common Consequences
- Scope:
- Confidentiality
- Impact:
- Read Memory, Read Application Data
- Notes:
- When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
- Scope:
- Availability
- Impact:
- DoS: Crash, Exit, or Restart
- Notes:
- The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.