CWE-908Use of Uninitialized Resource

PUBLISHEDweakness recordMedium
released 2013-02-21 · last modified 2025-12-11

Metadata

CWE ID:
CWE-908
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2013-02-21
更新日期:
2025-12-11

名称

Use of Uninitialized Resource

描述

The product uses or accesses a resource that has not been initialized.

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

常见后果

范围:
Confidentiality
影响:
Read Memory, Read Application Data
注释:
When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
范围:
Availability
影响:
DoS: Crash, Exit, or Restart
注释:
The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.

相关 CWE