Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-55PF-9MRW-9459

Vulnerability from github – Published: 2022-12-18 15:30 – Updated: 2022-12-22 21:30
VLAI
Details

** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-18T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.",
  "id": "GHSA-55pf-9mrw-9459",
  "modified": "2022-12-22T21:30:31Z",
  "published": "2022-12-18T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36617"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7ec5eed"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216205"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5854-W8P6-9244

Vulnerability from github – Published: 2022-05-02 00:07 – Updated: 2024-02-15 21:31
VLAI
Details

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-27T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.",
  "id": "GHSA-5854-w8p6-9244",
  "modified": "2024-02-15T21:31:23Z",
  "published": "2022-05-02T00:07:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4197"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44552"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=235298"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31549"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32538"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/19/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/24/4"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/docs/changelogs/freebsd/952"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/docs/changelogs/linux/952"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/docs/changelogs/solaris/952"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/docs/changelogs/windows/952"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/support/search/view/894"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30768"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020720"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2416"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-589Q-F3GP-P53F

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-26T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.",
  "id": "GHSA-589q-f3gp-p53f",
  "modified": "2022-05-13T01:22:47Z",
  "published": "2022-05-13T01:22:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a"
    },
    {
      "type": "WEB",
      "url": "https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libvips/libvips/releases/tag/v8.7.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58QX-3VCG-4XPX

Vulnerability from github – Published: 2026-05-18 19:02 – Updated: 2026-05-18 19:02
VLAI
Summary
ws: Uninitialized memory disclosure
Details

Impact

The websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument.

Proof of concept

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';

const wss = new WebSocketServer(
  { port: 0, skipUTF8Validation: true },
  function () {
    const { port } = wss.address();
    const ws = new WebSocket(`ws://localhost:${port}`, {
      skipUTF8Validation: true
    });

    ws.on('close', function (code, reason) {
      deepStrictEqual(reason, Buffer.alloc(80));
    });
  }
);

wss.on('connection', function (ws) {
  ws.close(1000, new Float32Array(20));
});

Patches

The vulnerability was fixed in ws@8.20.1 (https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086).

Credits

Credit for the private and responsible disclosure of this issue goes to Nikita Skovoroda.

Remarks

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Resources

  • https://github.com/advisories/GHSA-58qx-3vcg-4xpx
  • https://www.cve.org/CVERecord?id=CVE-2026-45736
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ws"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.20.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T19:02:40Z",
    "nvd_published_at": "2026-05-15T15:16:54Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument.\n\n### Proof of concept\n\n```js\nimport { deepStrictEqual } from \u0027node:assert\u0027;\nimport { WebSocket, WebSocketServer } from \u0027ws\u0027;\n\nconst wss = new WebSocketServer(\n  { port: 0, skipUTF8Validation: true },\n  function () {\n    const { port } = wss.address();\n    const ws = new WebSocket(`ws://localhost:${port}`, {\n      skipUTF8Validation: true\n    });\n\n    ws.on(\u0027close\u0027, function (code, reason) {\n      deepStrictEqual(reason, Buffer.alloc(80));\n    });\n  }\n);\n\nwss.on(\u0027connection\u0027, function (ws) {\n  ws.close(1000, new Float32Array(20));\n});\n```\n\n### Patches\n\nThe vulnerability was fixed in ws@8.20.1 (https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086).\n\n### Credits\n\nCredit for the private and responsible disclosure of this issue goes to [Nikita Skovoroda](https://github.com/ChALkeR).\n\n### Remarks\n\nAlthough the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.\n\n### Resources\n\n- https://github.com/advisories/GHSA-58qx-3vcg-4xpx\n- https://www.cve.org/CVERecord?id=CVE-2026-45736",
  "id": "GHSA-58qx-3vcg-4xpx",
  "modified": "2026-05-18T19:02:40Z",
  "published": "2026-05-18T19:02:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
    },
    {
      "type": "WEB",
      "url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/websockets/ws"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ws: Uninitialized memory disclosure"
}

GHSA-5F32-QQ4V-9HCH

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()

Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time:

vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()

At runtime, this either causes an oops when trying to load the ipvs module or a boot-time panic if ipvs is built-in. This same issue has been reported by the Intel kernel test robot previously.

Digging deeper into both LLVM and the kernel code reveals this to be a undefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer of 64 chars to store the registered protocol names and leaves it uninitialized after definition. The function calls strnlen() when concatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE strnlen() performs an extra step to check whether the last byte of the input char buffer is a null character (commit 3009f891bb9f ("fortify: Allow strlen() and strnlen() to pass compile-time known lengths")). This, together with possibly other configurations, cause the following IR to be generated:

define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section ".init.text" align 16 !kcfi_type !29 { %1 = alloca [64 x i8], align 16 ...

14: ; preds = %11 %15 = getelementptr inbounds i8, ptr %1, i64 63 %16 = load i8, ptr %15, align 1 %17 = tail call i1 @llvm.is.constant.i8(i8 %16) %18 = icmp eq i8 %16, 0 %19 = select i1 %17, i1 %18, i1 false br i1 %19, label %20, label %23

20: ; preds = %14 %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23 ...

23: ; preds = %14, %11, %20 %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24 ... }

The above code calculates the address of the last char in the buffer (value %15) and then loads from it (value %16). Because the buffer is never initialized, the LLVM GVN pass marks value %16 as undefined:

%13 = getelementptr inbounds i8, ptr %1, i64 63 br i1 undef, label %14, label %17

This gives later passes (SCCP, in particular) more DCE opportunities by propagating the undef value further, and eventually removes everything after the load on the uninitialized stack location:

define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section ".init.text" align 16 !kcfi_type !11 { %1 = alloca [64 x i8], align 16 ...

12: ; preds = %11 %13 = getelementptr inbounds i8, ptr %1, i64 63 unreachable }

In this way, the generated native code will just fall through to the next function, as LLVM does not generate any code for the unreachable IR instruction and leaves the function without a terminator.

Zero the on-stack buffer to avoid this possible UB.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T13:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n  vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n  define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n    %1 = alloca [64 x i8], align 16\n    ...\n\n  14:                                               ; preds = %11\n    %15 = getelementptr inbounds i8, ptr %1, i64 63\n    %16 = load i8, ptr %15, align 1\n    %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n    %18 = icmp eq i8 %16, 0\n    %19 = select i1 %17, i1 %18, i1 false\n    br i1 %19, label %20, label %23\n\n  20:                                               ; preds = %14\n    %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n    ...\n\n  23:                                               ; preds = %14, %11, %20\n    %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n    ...\n  }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n  %13 = getelementptr inbounds i8, ptr %1, i64 63\n  br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n  define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n    %1 = alloca [64 x i8], align 16\n    ...\n\n  12:                                               ; preds = %11\n    %13 = getelementptr inbounds i8, ptr %1, i64 63\n    unreachable\n  }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
  "id": "GHSA-5f32-qq4v-9hch",
  "modified": "2025-11-03T21:32:07Z",
  "published": "2025-01-11T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53680"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b2cbed82b7c6504a8a0fbd181f92dd56b432c12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/124834133b32f9386bb2d8581d9ab92f65e951e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/146b6f1112eb30a19776d6c323c994e9d67790db"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31d1ddc1ce8e8d3f101a679243abb42a313ee88a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48130002e64fd191b7d18efeb4d253fcc23e4688"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/664d0feab92495b6a27edc3d1119e232c0fe8b2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6e1776f51c95827142f1d7064118e255e2deec1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5FWG-75W6-7GF9

Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2025-01-09 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init

ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init(), which can fail and when it fail, the vf2pf_lock is either not initialized or destroyed, a subsequent use of vf2pf_lock will cause issue. To fix this issue, only set this flag if adf_dev_init() returns 0.

[ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0 [ 7.180345] Call Trace: [ 7.182576] mutex_lock+0xc9/0xd0 [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat] [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat] [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat] [ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-29T23:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init\n\nADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()\nbefore calling adf_iov_putmsg()-\u003emutex_lock(vf2pf_lock), however the\nvf2pf_lock is initialized in adf_dev_init(), which can fail and when it\nfail, the vf2pf_lock is either not initialized or destroyed, a subsequent\nuse of vf2pf_lock will cause issue.\nTo fix this issue, only set this flag if adf_dev_init() returns 0.\n\n[    7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0\n[    7.180345] Call Trace:\n[    7.182576]  mutex_lock+0xc9/0xd0\n[    7.183257]  adf_iov_putmsg+0x118/0x1a0 [intel_qat]\n[    7.183541]  adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]\n[    7.183834]  adf_dev_shutdown+0x172/0x2b0 [intel_qat]\n[    7.184127]  adf_probe+0x5e9/0x600 [qat_dh895xccvf]",
  "id": "GHSA-5fwg-75w6-7gf9",
  "modified": "2025-01-09T21:31:26Z",
  "published": "2024-03-01T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47056"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05ec8192ee4bfdf2a8894a68350dac9f1a155fa6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09d16cee6285d37cc76311c29add6d97a7e4acda"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ea500ce6f7c9106e4a561d28e69215f3d451818"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f50392650ae794a1aea41c213c6a3e1c824413c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20fd40fc6f2c2b41dc6f637f88d494b14e9c21f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/446045cf682af12d9294765f6c46084b374b5654"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4c4e07140687f42bfa40e091bb4a55d7960ce4d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5G4R-2QHX-VQFM

Vulnerability from github – Published: 2022-06-06 21:22 – Updated: 2022-06-06 21:22
VLAI
Summary
Use of Uninitialized Variable in trilogy
Details

Impact

When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory.

Patches

Users of the trilogy gem should upgrade to version 2.1.1

Workarounds

This issue can be avoided by only connecting to trusted servers.

Acknowledgements

We would like to thank Sergei Volokitin for reporting this vulnerability

For more information

If you have any questions or comments about this advisory: * Open an issue in trilogy

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "trilogy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-06T21:22:05Z",
    "nvd_published_at": "2022-06-09T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory.\n\n### Patches\n\nUsers of the trilogy gem should upgrade to version 2.1.1\n\n### Workarounds\n\nThis issue can be avoided by only connecting to trusted servers.\n\n### Acknowledgements \n\nWe would like to thank Sergei Volokitin for reporting this vulnerability\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [trilogy](https://github.com/github/trilogy)\n",
  "id": "GHSA-5g4r-2qhx-vqfm",
  "modified": "2022-06-06T21:22:05Z",
  "published": "2022-06-06T21:22:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31026"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/github/trilogy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/trilogy/CVE-2022-31026.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Uninitialized Variable in trilogy"
}

GHSA-5GR2-8W66-G9J9

Vulnerability from github – Published: 2023-11-20 12:30 – Updated: 2023-11-20 12:30
VLAI
Details

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-20T12:15:08Z",
    "severity": "MODERATE"
  },
  "details": "in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.",
  "id": "GHSA-5gr2-8w66-g9j9",
  "modified": "2023-11-20T12:30:27Z",
  "published": "2023-11-20T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46100"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5GR3-55RJ-MM4C

Vulnerability from github – Published: 2024-03-04 18:30 – Updated: 2024-11-05 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: rawmidi - fix the uninitalized user_pversion

The user_pversion was uninitialized for the user space file structure in the open function, because the file private structure use kmalloc for the allocation.

The kernel ALSA sequencer code clears the file structure, so no additional fixes are required.

BugLink: https://github.com/alsa-project/alsa-lib/issues/178

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-04T18:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: rawmidi - fix the uninitalized user_pversion\n\nThe user_pversion was uninitialized for the user space file structure\nin the open function, because the file private structure use\nkmalloc for the allocation.\n\nThe kernel ALSA sequencer code clears the file structure, so no additional\nfixes are required.\n\nBugLink: https://github.com/alsa-project/alsa-lib/issues/178",
  "id": "GHSA-5gr3-55rj-mm4c",
  "modified": "2024-11-05T21:30:31Z",
  "published": "2024-03-04T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47096"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39a8fc4971a00d22536aeb7d446ee4a97810611b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b398fcbe4de1e1100867fdb6f447c6fbc8fe7085"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5H27-3WGQ-G9CF

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 15:34
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fs: init flags_valid before calling vfs_fileattr_get

syzbot reported a uninit-value bug in [1].

Similar to the "*get" context where the kernel's internal file_kattr structure is initialized before calling vfs_fileattr_get(), we should use the same mechanism when using fa.

[1] BUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517 vfs_fileattr_get fs/file_attr.c:94 [inline] __do_sys_file_getattr fs/file_attr.c:416 [inline]

Local variable fa.i created at: __do_sys_file_getattr fs/file_attr.c:380 [inline] __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:17:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: init flags_valid before calling vfs_fileattr_get\n\nsyzbot reported a uninit-value bug in [1].\n\nSimilar to the \"*get\" context where the kernel\u0027s internal file_kattr\nstructure is initialized before calling vfs_fileattr_get(), we should\nuse the same mechanism when using fa.\n\n[1]\nBUG: KMSAN: uninit-value in fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517\n fuse_fileattr_get+0xeb4/0x1450 fs/fuse/ioctl.c:517\n vfs_fileattr_get fs/file_attr.c:94 [inline]\n __do_sys_file_getattr fs/file_attr.c:416 [inline]\n\nLocal variable fa.i created at:\n __do_sys_file_getattr fs/file_attr.c:380 [inline]\n __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372",
  "id": "GHSA-5h27-3wgq-g9cf",
  "modified": "2026-05-21T15:34:03Z",
  "published": "2026-05-08T15:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43474"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/379e19e820dd1c6145426b97467728b3b89c0b42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8c182b2c8c44c6016b11d8af61715ad7ef958a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb184dd19154fc486fa3d9e02afe70a97e54e055"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.