Base, Incomplete
CWE-908: Use of Uninitialized Resource
Category: logic
Description
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Common consequences (2)
- Confidentiality — Read Memory, Read Application Data: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
- Availability — DoS: Crash, Exit, or Restart: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.
Potential mitigations (4)
- [Implementation] Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
- [Implementation] Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
- [Implementation] Avoid race conditions (CWE-362) during initialization routines.
- [Build and Compilation] Run or compile the product with settings that generate warnings about uninitialized variables or data.
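The confidentiality consequence and the first two mitigations above, shown as an added example that is not part of the CWE entry: a reused record is sent to a peer once with a branch that skips initialization and once with initialization on every path. The names `scratch`, `build_reply_unsafe`, `build_reply_safe` and `leaks`, and the sample token, are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define REC_SIZE 32

/* Reused scratch record standing in for a pooled buffer (hypothetical name). */
static char scratch[REC_SIZE];

/* Vulnerable: only the "found" branch writes the record, and even then only
 * the leading bytes; the rest is whatever the previous request left there. */
size_t build_reply_unsafe(int found, const char *value, char *out)
{
    if (found)
        snprintf(scratch, sizeof scratch, "%s", value);
    memcpy(out, scratch, REC_SIZE);      /* full record goes to the peer */
    return REC_SIZE;
}

/* Hardened: the record is cleared on every path before any branch runs. */
size_t build_reply_safe(int found, const char *value, char *out)
{
    memset(scratch, 0, sizeof scratch);
    snprintf(scratch, sizeof scratch, "%s", found ? value : "ERR");
    memcpy(out, scratch, REC_SIZE);
    return REC_SIZE;
}

/* Returns 1 if needle occurs anywhere in the n raw bytes of buf. */
int leaks(const char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0)
            return 1;
    return 0;
}

int main(void)
{
    char out[REC_SIZE];
    const char *secret = "token=SECRET-CONSTRUCTED";  /* constructed sample */
    build_reply_unsafe(1, secret, out);               /* request from user A */
    build_reply_unsafe(0, NULL, out);                 /* user B, branch skipped */
    printf("unsafe, skipped branch: leak=%d\n", leaks(out, REC_SIZE, "SECRET"));
    build_reply_unsafe(1, secret, out);
    build_reply_unsafe(1, "ok", out);                 /* short value, stale tail */
    printf("unsafe, short value:    leak=%d\n", leaks(out, REC_SIZE, "SECRET"));
    build_reply_safe(1, secret, out);
    build_reply_safe(0, NULL, out);
    printf("safe:                   leak=%d\n", leaks(out, REC_SIZE, "SECRET"));
}
```

The same stale-data pattern on a stack or heap object is undefined or indeterminate in C; building with `-Wall -Wextra` (GCC/Clang) reports many of those cases, but not the pooled-buffer reuse shown here.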
References (incoming, 15)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-1942 | 0% | live |
| Vulnerability | CVE-2025-27796 | 0% | live |
| Vulnerability | CVE-2025-31361 | 0% | live |
| Vulnerability | CVE-2025-31649 | 0% | live |
| Vulnerability | CVE-2025-33070 | 0% | live |
| Vulnerability | CVE-2025-50165 | 0% | live |
| Vulnerability | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability (cve-2025-5777) | 0% | live |
| Vulnerability | CVE-2026-2806 | 0% | live |
| Vulnerability | CVE-2026-40364 | 0% | live |
| Vulnerability | CVE-2026-43139 | 0% | live |
| Vulnerability | CVE-2026-43291 | 0% | live |
| Vulnerability | CVE-2026-4715 | 0% | live |
| Vulnerability | CVE-2026-4716 | 0% | live |
| KEVEntry | Android Pixel Information Disclosure Vulnerability (kev-cve-2024-29745) | 0% | live |
| KEVEntry | Linux Kernel Use of Uninitialized Resource Vulnerability (kev-cve-2024-50302) | 0% | live |