Class · Incomplete

CWE-1419: Incorrect Initialization of Resource

Category: logic

Description

The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when it is accessed.

Common consequences · 3

  • Confidentiality — Read Memory, Read Application Data, Unexpected State
  • Authorization / Integrity — Gain Privileges or Assume Identity
  • Other — Varies by Context
    The technical impact can vary widely based on how the resource is used in the product, and whether its contents affect security decisions.

Potential mitigations · 4

  • [Implementation] Choose the safest-possible initialization for security-related resources.
  • [Implementation] Ensure that each resource (whether variable, memory buffer, register, etc.) is fully initialized.
  • [Implementation] Pay close attention to complex conditionals or reset sources that affect initialization, since some paths might not perform the initialization.
  • [Architecture and Design] Ensure that the design and architecture clearly identify what the initialization should be, and that the initialization does not have security implications.
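
The mitigations above, shown as an added example that is not part of the CWE entry: an initializer that skips fields on one conditional path, next to a version that sets the safest state first. The session structure, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical session slot, reused from a pool between logins. */
struct session {
    char user[32];
    bool is_admin;
    char scratch[16];            /* per-session working data */
};

/* Incorrect: fields are set, but not on every path. */
void session_init_flawed(struct session *s, const char *user, const char *role)
{
    strncpy(s->user, user, sizeof s->user - 1);
    s->user[sizeof s->user - 1] = '\0';
    if (strcmp(role, "admin") == 0)
        s->is_admin = true;
    else if (strcmp(role, "user") == 0)
        s->is_admin = false;
    /* Any other role: is_admin keeps its old value; scratch is never reset. */
}

/* Corrected: safest state for every field first, then raise explicitly. */
void session_init_fixed(struct session *s, const char *user, const char *role)
{
    memset(s, 0, sizeof *s);     /* is_admin = false, scratch emptied */
    strncpy(s->user, user, sizeof s->user - 1);
    if (strcmp(role, "admin") == 0)
        s->is_admin = true;
}

/* Reuses one slot twice; returns 1 if the second session inherits state. */
int stale_state_after_reuse(void (*init)(struct session *, const char *, const char *))
{
    struct session slot;
    memset(&slot, 0, sizeof slot);
    init(&slot, "alice", "admin");
    strcpy(slot.scratch, "alice-data");   /* constructed sample value */
    init(&slot, "bob", "guest");          /* role the initializer does not list */
    return slot.is_admin || slot.scratch[0] != '\0';
}

int main(void)
{
    printf("flawed: %d, fixed: %d\n", stale_state_after_reuse(session_init_flawed),
           stale_state_after_reuse(session_init_fixed));
    return 0;
}
```

The flawed initializer leaves both the privilege flag and the previous session's data in place for the unlisted role, which corresponds to the "Gain Privileges or Assume Identity" and "Read Application Data" consequences listed above.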

References

  1. https://cwe.mitre.org/data/definitions/1419.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Initialization of Resource
  • CWE: Improper Initialization
  • CWE: Use of Uninitialized Resource
  • CWE: Initialization of a Resource with an Insecure Default
  • CWE: Missing Initialization of a Variable
  • CWE: Operation on Resource in Wrong Phase of Lifetime

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.