CWE-908 - Use of Uninitialized Resource
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Release Date: 2013-02-21
- Latest Modification Date: 2023-06-29
Weakness Name
Use of Uninitialized Resource
Description
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Common Consequences
Scope: Confidentiality
Impact: Read Memory, Read Application Data
Notes: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.
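The confidentiality note above, as an added example that is not part of the CWE entry: a recycled buffer is handed to a new use without being initialized, so the reply carries bytes left by the earlier use. The slot, the function names and the token string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SLOT_LEN 64
static unsigned char slot[SLOT_LEN];   /* stands in for a recycled buffer (constructed) */
static size_t clamp(size_t n) { return n < SLOT_LEN ? n : SLOT_LEN; }

/* Earlier, unrelated use of the slot: it briefly holds sensitive data. */
void earlier_use(const char *secret)
{
    memcpy(slot, secret, clamp(strlen(secret)));
}

/* Weak: writes only the bytes it needs into the reused slot, then sends all of it. */
size_t build_reply_weak(const char *status, const unsigned char **out)
{
    memcpy(slot, status, clamp(strlen(status)));
    *out = slot;
    return SLOT_LEN;                   /* the tail was never initialized for this use */
}

/* Hardened: initialize the resource before use and send only what was written. */
size_t build_reply_fixed(const char *status, const unsigned char **out)
{
    size_t n = clamp(strlen(status));
    memset(slot, 0, SLOT_LEN);
    memcpy(slot, status, n);
    *out = slot;
    return n;
}

/* Returns 1 if needle occurs anywhere in the n bytes at buf. */
int contains(const unsigned char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}
int main(void)
{
    const unsigned char *r;
    earlier_use("session=CONSTRUCTED-TOKEN-1234");
    size_t len = build_reply_weak("OK", &r);
    printf("weak:  stale secret in reply = %d\n", contains(r, len, "TOKEN-1234"));
    len = build_reply_fixed("OK", &r);
    printf("fixed: stale secret in reply = %d\n", contains(r, SLOT_LEN, "TOKEN-1234"));
    return 0;
}
```

The same pattern applies to heap allocations returned by `malloc` and to stack variables; the example uses a static slot so that the stale contents are deterministic.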