Common Weakness Enumeration

CWE-824

Allowed

Access of Uninitialized Pointer

Abstraction: Base · Status: Incomplete

The product accesses or uses a pointer that has not been initialized.

451 vulnerabilities reference this CWE, most recent first.

GHSA-X3CP-4X6W-VM7P

Vulnerability from github – Published: 2023-07-21 21:30 – Updated: 2026-07-01 17:48
VLAI
Summary
Duplicate Advisory: Open Babel has out-of-bounds write in MOL2 attribute/value parser
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-jr2x-6qf6-q5mc. This link is maintained to preserve external references.

Original Description

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "openbabel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-01T17:48:05Z",
    "nvd_published_at": "2023-07-21T21:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-jr2x-6qf6-q5mc. This link is maintained to preserve external references.\n\n## Original Description\nA use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-x3cp-4x6w-vm7p",
  "modified": "2026-07-01T17:48:05Z",
  "published": "2023-07-21T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44451"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Open Babel has out-of-bounds write in MOL2 attribute/value parser",
  "withdrawn": "2026-07-01T17:48:05Z"
}

GHSA-X754-MMWM-RPVM

Vulnerability from github – Published: 2022-05-14 03:28 – Updated: 2022-05-14 03:28
VLAI
Details

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due to uninitialized link list entry in dynamic font module.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due to uninitialized link list entry in dynamic font module.",
  "id": "GHSA-x754-mmwm-rpvm",
  "modified": "2022-05-14T03:28:09Z",
  "published": "2022-05-14T03:28:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10447"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCPM-76HF-C9CC

Vulnerability from github – Published: 2025-10-22 16:35 – Updated: 2025-10-22 16:35
VLAI
Summary
Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice
Details

The safe function any_as_u8_slice can create byte slices that reference uninitialized memory when used with types containing padding bytes.

The function uses slice::from_raw_parts to create a &[u8] covering the entire size of a type, including padding bytes. According to Rust's documentation, from_raw_parts requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "borrowck_sacrifices"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-22T16:35:08Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The safe function `any_as_u8_slice` can create byte slices that reference uninitialized memory when used with types containing padding bytes.\n\nThe function uses `slice::from_raw_parts` to create a `\u0026[u8]` covering the entire size of a type, including padding bytes. According to Rust\u0027s documentation, `from_raw_parts` requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.",
  "id": "GHSA-xcpm-76hf-c9cc",
  "modified": "2025-10-22T16:35:08Z",
  "published": "2025-10-22T16:35:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/alexpyattaev/borrowck_sacrifices/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alexpyattaev/borrowck_sacrifices/commit/1bdaa14da68a6e8207f9e81359116f53139800f2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/alexpyattaev/borrowck_sacrifices"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0107.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice"
}

GHSA-XG9W-6W45-PP95

Vulnerability from github – Published: 2025-10-02 06:31 – Updated: 2025-10-02 06:31
VLAI
Details

VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-02T06:15:37Z",
    "severity": "HIGH"
  },
  "details": "VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.",
  "id": "GHSA-xg9w-6w45-pp95",
  "modified": "2025-10-02T06:31:08Z",
  "published": "2025-10-02T06:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58777"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97069449"
    },
    {
      "type": "WEB",
      "url": "https://www.keyence.com/vt_vulnerability250930"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XH44-7M8V-GQG4

Vulnerability from github – Published: 2023-03-16 21:30 – Updated: 2023-03-23 18:30
VLAI
Details

A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null pointer, causing the server to crash. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null pointer, causing the server to crash. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.",
  "id": "GHSA-xh44-7m8v-gqg4",
  "modified": "2023-03-23T18:30:15Z",
  "published": "2023-03-16T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43606"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1663"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHH9-6P6W-J9JM

Vulnerability from github – Published: 2023-02-14 12:30 – Updated: 2023-02-22 18:30
VLAI
Details

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-14T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V2210Update12), Solid Edge SE2023 (All versions \u003c V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-xhh9-6p6w-j9jm",
  "modified": "2023-02-22T18:30:35Z",
  "published": "2023-02-14T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24563"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP87-WP3M-6PPW

Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-18 12:00
VLAI
Details

An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-18T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.",
  "id": "GHSA-xp87-wp3m-6ppw",
  "modified": "2022-10-18T12:00:30Z",
  "published": "2022-10-18T12:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22236"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69892"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRPP-VWP4-Q9HP

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2023-03-15 00:30
VLAI
Details

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-15T21:15:00Z",
    "severity": "LOW"
  },
  "details": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027bootp_t\u0027 structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
  "id": "GHSA-xrpp-vwp4-q9hp",
  "modified": "2023-03-15T00:30:47Z",
  "published": "2022-05-24T19:05:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3592"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970484"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-44"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210805-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XV9P-58XX-4R8R

Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

um: line: always fill *error_out in setup_one_line()

The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T13:15:16Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\num: line: always fill *error_out in setup_one_line()\n\nThe pointer isn\u0027t initialized by callers, but I have\nencountered cases where it\u0027s still printed; initialize\nit in all possible cases in setup_one_line().",
  "id": "GHSA-xv9p-58xx-4r8r",
  "modified": "2025-11-04T00:31:31Z",
  "published": "2024-09-27T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46844"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XWH6-W3PQ-2JJ3

Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-24 00:00
VLAI
Details

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-14T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.",
  "id": "GHSA-xwh6-w3pq-2jj3",
  "modified": "2022-04-24T00:00:39Z",
  "published": "2022-04-15T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22198"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.