CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-6X6V-877J-V9FV
Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2026-01-09 15:30In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix KMSAN uninit-value in extent_info usage
KMSAN reported a use of uninitialized value in __is_extent_mergeable()
and __is_back_mergeable() via the read extent tree path.
The root cause is that get_read_extent_info() only initializes three
fields (fofs, blk, len) of struct extent_info, leaving the
remaining fields uninitialized. This leads to undefined behavior
when those fields are accessed later, especially during
extent merging.
Fix it by zero-initializing the extent_info struct before population.
{
"affected": [],
"aliases": [
"CVE-2025-38579"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T17:15:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix KMSAN uninit-value in extent_info usage\n\nKMSAN reported a use of uninitialized value in `__is_extent_mergeable()`\n and `__is_back_mergeable()` via the read extent tree path.\n\nThe root cause is that `get_read_extent_info()` only initializes three\nfields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the\nremaining fields uninitialized. This leads to undefined behavior\nwhen those fields are accessed later, especially during\nextent merging.\n\nFix it by zero-initializing the `extent_info` struct before population.",
"id": "GHSA-6x6v-877j-v9fv",
"modified": "2026-01-09T15:30:22Z",
"published": "2025-08-19T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38579"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01b6f5955e0008af6bc3a181310d2744bb349800"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08e8ab00a6d20d5544c932ee85a297d833895141"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/154467f4ad033473e5c903a03e7b9bca7df9a0fa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44a79437309e0ee2276ac17aaedc71253af253a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc1615d5aba4f396cf412579928539a2b124c8a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dabfa3952c8e6bfe6414dbf32e8b6c5f349dc898"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e68b751ec2b15d866967812c57cfdfc1eba6a269"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-72GM-6QCQ-3XMP
Vulnerability from github – Published: 2024-03-04 18:30 – Updated: 2025-02-03 15:31In the Linux kernel, the following vulnerability has been resolved:
asix: fix uninit-value in asix_mdio_read()
asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized.
Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497
{
"affected": [],
"aliases": [
"CVE-2021-47101"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T18:15:08Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nasix: fix uninit-value in asix_mdio_read()\n\nasix_read_cmd() may read less than sizeof(smsr) bytes and in this case\nsmsr will be uninitialized.\n\nFail log:\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\nBUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\n asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497",
"id": "GHSA-72gm-6qcq-3xmp",
"modified": "2025-02-03T15:31:59Z",
"published": "2024-03-04T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47101"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8035b1a2a37a29d8c717ef84fca8fe7278bc9f03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d259f621c85949f30cc578cac813b82bb5169f56"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-743M-W227-WRRF
Vulnerability from github – Published: 2026-01-14 15:33 – Updated: 2026-03-25 21:30In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse(), which has coverage annotations, and then the checks in check_kcov_mode() crash because current is NULL.
Simply initialize the cpu_tasks[] array statically, which fixes the crash. For the later SMP work, it seems to have not really caused any problems yet, but initialize all of the entries anyway.
{
"affected": [],
"aliases": [
"CVE-2025-71115"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T15:16:01Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\num: init cpu_tasks[] earlier\n\nThis is currently done in uml_finishsetup(), but e.g. with\nKCOV enabled we\u0027ll crash because some init code can call\ninto e.g. memparse(), which has coverage annotations, and\nthen the checks in check_kcov_mode() crash because current\nis NULL.\n\nSimply initialize the cpu_tasks[] array statically, which\nfixes the crash. For the later SMP work, it seems to have\nnot really caused any problems yet, but initialize all of\nthe entries anyway.",
"id": "GHSA-743m-w227-wrrf",
"modified": "2026-03-25T21:30:22Z",
"published": "2026-01-14T15:33:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71115"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b5d4416964c07c902163822a30a622111172b01"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbbf6d47130674640cd12a0781a0fb2a575d0e44"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-764W-CH2J-96HF
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2015-5165"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-08-12T14:59:00Z",
"severity": "HIGH"
},
"details": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
"id": "GHSA-764w-ch2j-96hf",
"modified": "2022-05-13T01:03:35Z",
"published": "2022-05-13T01:03:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5165"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1674"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1683"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1718"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1739"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1740"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1793"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-5165"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248760"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1674.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1683.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1739.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1740.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1793.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1833.html"
},
{
"type": "WEB",
"url": "http://support.citrix.com/article/CTX201717"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3349"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76153"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033176"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-140.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7676-XQ8C-838G
Vulnerability from github – Published: 2024-11-28 06:32 – Updated: 2025-01-18 00:30In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2018-9377"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-28T01:15:04Z",
"severity": "MODERATE"
},
"details": "In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a\u00a0possible information disclosure due to uninitialized data. This could lead\u00a0to local information disclosure with no additional execution privileges\u00a0needed. User interaction is not needed for exploitation.",
"id": "GHSA-7676-xq8c-838g",
"modified": "2025-01-18T00:30:47Z",
"published": "2024-11-28T06:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9377"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-776Q-X7MF-F2FF
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
Avoid potentially crashing in the driver because of uninitialized private data
{
"affected": [],
"aliases": [
"CVE-2024-50237"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data",
"id": "GHSA-776q-x7mf-f2ff",
"modified": "2025-11-04T00:31:59Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50237"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/393b6bc174b0dd21bb2a36c13b36e62fc3474a23"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ccf525a73d48e814634847f6d4a6150c6f0dffc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78b698fbf37208ee921ee4cedea75b5d33d6ea9f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f6cd4d5bb7406656835a90e4f1a2192607f0c21"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0b862aa3dbcd16b3c4715259a825f48ca540088"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b2bcbe5450b20641f512d6b26c6b256a5a4f847f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c21efba8b5a86537ccdf43f77536bad02f82776c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee35c423042c9e04079fdee3db545135d609d6ea"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7787-4VJC-4737
Vulnerability from github – Published: 2023-09-14 21:30 – Updated: 2023-11-04 06:34A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-25585"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-14T21:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.",
"id": "GHSA-7787-4vjc-4737",
"modified": "2023-11-04T06:34:05Z",
"published": "2023-09-14T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-25585"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231103-0003"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78G7-JM5H-PV8Q
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-53138"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:37Z",
"severity": "MODERATE"
},
"details": "Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.",
"id": "GHSA-78g7-jm5h-pv8q",
"modified": "2025-08-12T18:31:31Z",
"published": "2025-08-12T18:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53138"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53138"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-78J4-R4GH-XCM9
Vulnerability from github – Published: 2022-07-12 00:00 – Updated: 2024-03-21 03:34softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
{
"affected": [],
"aliases": [
"CVE-2022-35414"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-11T02:15:00Z",
"severity": "HIGH"
},
"details": "softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.",
"id": "GHSA-78j4-r4gh-xcm9",
"modified": "2024-03-21T03:34:15Z",
"published": "2022-07-12T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35414"
},
{
"type": "WEB",
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482"
},
{
"type": "WEB",
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa"
},
{
"type": "WEB",
"url": "https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c"
},
{
"type": "WEB",
"url": "https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c"
},
{
"type": "WEB",
"url": "https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148"
},
{
"type": "WEB",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1065"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"type": "WEB",
"url": "https://sick.codes/sick-2022-113"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg895266.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg895266.html"
},
{
"type": "WEB",
"url": "https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-799F-R78P-GQ9C
Vulnerability from github – Published: 2022-01-06 22:17 – Updated: 2022-01-07 16:22An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "acc_reader"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36513"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T18:13:55Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.",
"id": "GHSA-799f-r78p-gq9c",
"modified": "2022-01-07T16:22:24Z",
"published": "2022-01-06T22:17:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36513"
},
{
"type": "WEB",
"url": "https://github.com/netvl/acc_reader/issues/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/netvl/acc_reader"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/acc_reader/RUSTSEC-2020-0155.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0155.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use of Uninitialized Resource in acc_reader."
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.