CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-8C6G-4XC5-W96C
Vulnerability from github – Published: 2021-08-25 20:43 – Updated: 2023-06-13 16:57Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could be exposed.
This allows an attacker to observe parts of the uninitialized memory in the decoded audio stream.
The flaw was corrected by checking that the value read from the bitstream divides the decode buffer size, and returning a format error if it does not. If an error is returned, the decode buffer is not exposed. Regression tests and an additional fuzzer have been added to prevent similar flaws in the future.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "claxon"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "claxon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-20992"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:24:16Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could be exposed.\n\nThis allows an attacker to observe parts of the uninitialized memory in the decoded audio stream.\n\nThe flaw was corrected by checking that the value read from the bitstream divides the decode buffer size, and returning a format error if it does not. If an error is returned, the decode buffer is not exposed. Regression tests and an additional fuzzer have been added to prevent similar flaws in the future.",
"id": "GHSA-8c6g-4xc5-w96c",
"modified": "2023-06-13T16:57:24Z",
"published": "2021-08-25T20:43:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20992"
},
{
"type": "WEB",
"url": "https://github.com/ruuda/claxon/commit/8f28ec275e412dd3af4f3cda460605512faf332c"
},
{
"type": "PACKAGE",
"url": "https://github.com/ruuda/claxon"
},
{
"type": "WEB",
"url": "https://github.com/ruuda/claxon/releases/tag/v0.3.2"
},
{
"type": "WEB",
"url": "https://github.com/ruuda/claxon/releases/tag/v0.4.1"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2018-0004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Uninitialized memory exposure in claxon"
}
GHSA-8CFW-C9HX-8F9V
Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-03-24 21:31Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4715"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T13:16:07Z",
"severity": "CRITICAL"
},
"details": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149 and Firefox ESR \u003c 140.9.",
"id": "GHSA-8cfw-c9hx-8f9v",
"modified": "2026-03-24T21:31:22Z",
"published": "2026-03-24T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4715"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CJX-8CPV-M8FR
Vulnerability from github – Published: 2025-10-09 18:30 – Updated: 2025-10-09 18:30A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to an FPC crash and restart, resulting in a Denial of Service (DoS).
Continued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card.
This issue affects Junos OS on SRX4700:
- from 24.4 before 24.4R1-S3, 24.4R2
This issue affects IPv4 and IPv6.
{
"affected": [],
"aliases": [
"CVE-2025-59964"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T16:15:46Z",
"severity": "HIGH"
},
"details": "A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700\u00a0devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nWhen forwarding-options sampling\u00a0is enabled, receipt\u00a0of any traffic destined to the Routing Engine (RE) by the PFE line card\u00a0leads to an FPC crash and restart, resulting in a Denial of Service (DoS). \n\nContinued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card.\n\n\nThis issue affects\u00a0Junos OS on SRX4700:\u00a0\n\n\n\n * from 24.4 before 24.4R1-S3, 24.4R2\n\n\nThis issue affects IPv4 and IPv6.",
"id": "GHSA-8cjx-8cpv-m8fr",
"modified": "2025-10-09T18:30:36Z",
"published": "2025-10-09T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59964"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA103153"
},
{
"type": "WEB",
"url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/sampling-edit-forwarding-options.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green",
"type": "CVSS_V4"
}
]
}
GHSA-8FGG-5V78-6G76
Vulnerability from github – Published: 2021-08-25 20:52 – Updated: 2022-05-04 03:04Byte_struct stack and unpack structure as raw bytes with packed or bit field layout. An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "byte_struct"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28033"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:25:30Z",
"nvd_published_at": "2021-03-05T09:15:00Z",
"severity": "CRITICAL"
},
"details": "Byte_struct stack and unpack structure as raw bytes with packed or bit field layout. An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.",
"id": "GHSA-8fgg-5v78-6g76",
"modified": "2022-05-04T03:04:59Z",
"published": "2021-08-25T20:52:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28033"
},
{
"type": "WEB",
"url": "https://github.com/wwylele/byte-struct-rs/issues/1"
},
{
"type": "WEB",
"url": "https://github.com/wwylele/byte-struct-rs/commit/a535678377de12bc6bc22620c5f59bcc1369f76f"
},
{
"type": "PACKAGE",
"url": "https://github.com/wwylele/byte-struct-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0032.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Deserializing an array can free uninitialized memory in byte_struct"
}
GHSA-8GHR-4WGH-3JQ8
Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
syzbot reported uninit memory usages during map_{lookup,delete}_elem.
========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 _bpfmap_lookup_elem kernel/bpf/helpers.c:42 [inline] bpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38 _bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997 __bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237 ==========
The reproducer should be in the interpreter mode.
The C reproducer is trying to run the following bpf prog:
0: (18) r0 = 0x0
2: (18) r1 = map[id:49]
4: (b7) r8 = 16777216
5: (7b) *(u64 *)(r10 -8) = r8
6: (bf) r2 = r10
7: (07) r2 += -229
^^^^^^^^^^
8: (b7) r3 = 8
9: (b7) r4 = 0
10: (85) call dev_map_lookup_elem#1543472 11: (95) exit
It is due to the "void *key" (r2) passed to the helper. bpf allows uninit stack memory access for bpf prog with the right privileges. This patch uses kmsan_unpoison_memory() to mark the stack as initialized.
This should address different syzbot reports on the uninit "void *key" argument during map_{lookup,delete}_elem.
{
"affected": [],
"aliases": [
"CVE-2024-42063"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T16:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode\n\nsyzbot reported uninit memory usages during map_{lookup,delete}_elem.\n\n==========\nBUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\nBUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n__dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline]\ndev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796\n____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]\nbpf_map_lookup_elem+0x5c/0x80 kernel/bpf/helpers.c:38\n___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997\n__bpf_prog_run256+0xb5/0xe0 kernel/bpf/core.c:2237\n==========\n\nThe reproducer should be in the interpreter mode.\n\nThe C reproducer is trying to run the following bpf prog:\n\n 0: (18) r0 = 0x0\n 2: (18) r1 = map[id:49]\n 4: (b7) r8 = 16777216\n 5: (7b) *(u64 *)(r10 -8) = r8\n 6: (bf) r2 = r10\n 7: (07) r2 += -229\n ^^^^^^^^^^\n\n 8: (b7) r3 = 8\n 9: (b7) r4 = 0\n 10: (85) call dev_map_lookup_elem#1543472\n 11: (95) exit\n\nIt is due to the \"void *key\" (r2) passed to the helper. bpf allows uninit\nstack memory access for bpf prog with the right privileges. This patch\nuses kmsan_unpoison_memory() to mark the stack as initialized.\n\nThis should address different syzbot reports on the uninit \"void *key\"\nargument during map_{lookup,delete}_elem.",
"id": "GHSA-8ghr-4wgh-3jq8",
"modified": "2025-11-04T00:31:05Z",
"published": "2024-07-29T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42063"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3189983c26108cf0990e5c46856dc9feb9470d12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d812ae6e02bd6e6a9cd1fdb09519c2f33e875faf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8742081db7d01f980c6161ae1e8a1dbc1e30979"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J35-8P36-8W3G
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2023-07-07 21:30Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-35991"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-824",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-20T19:15:00Z",
"severity": "LOW"
},
"details": "Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-8j35-8p36-8w3g",
"modified": "2023-07-07T21:30:15Z",
"published": "2022-05-24T19:11:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35991"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-53.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8J79-G729-4VV7
Vulnerability from github – Published: 2023-02-18 00:31 – Updated: 2023-02-28 21:30HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function pci_vtsock_proc_tx in virtio-sock can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to VTSOCK_MAXSEGS, but that check is not sufficient because the function can return -1 if it finds an error it cannot recover from. Moreover, the negative return value will be used by iovec_pull in a while condition that can further lead to more corruption because the function is not designed to handle a negative iov_len. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.
{
"affected": [],
"aliases": [
"CVE-2021-32846"
],
"database_specific": {
"cwe_ids": [
"CWE-754",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-17T23:15:00Z",
"severity": "HIGH"
},
"details": "HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.",
"id": "GHSA-8j79-g729-4vv7",
"modified": "2023-02-28T21:30:17Z",
"published": "2023-02-18T00:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32846"
},
{
"type": "WEB",
"url": "https://github.com/moby/hyperkit/pull/313"
},
{
"type": "WEB",
"url": "https://github.com/moby/hyperkit/commit/af5eba2360a7351c08dfd9767d9be863a50ebaba"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8P72-RXH7-QV97
Vulnerability from github – Published: 2025-07-15 21:31 – Updated: 2025-07-15 21:31VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.
{
"affected": [],
"aliases": [
"CVE-2025-41239"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-15T19:15:22Z",
"severity": "HIGH"
},
"details": "VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets.\u00a0A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.",
"id": "GHSA-8p72-rxh7-qv97",
"modified": "2025-07-15T21:31:39Z",
"published": "2025-07-15T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41239"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8PG6-RV6X-WJC2
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: reject DMA commands with uninitialized length
cmd_state_init() initializes the command state with memset(0xff), leaving dma->len at U64_MAX to signal missing setup. The only setter is NPU_SET_DMA0_LEN; if userspace omits this command and issues NPU_OP_DMA_START, dma->len remains U64_MAX.
In dma_length(), a positive stride added to U64_MAX wraps to a small value. With size0 == 1, check_mul_overflow() does not trigger and dma_length() returns 0 instead of U64_MAX. The caller's U64_MAX check then passes, region_size[] stays 0, and the bounds check in ethosu_job.c is bypassed, allowing hardware to execute DMA with stale physical addresses.
Fix by checking for U64_MAX at the start of dma_length() before any arithmetic, consistent with the sentinel value used throughout the driver to detect uninitialized fields.
{
"affected": [],
"aliases": [
"CVE-2026-53170"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:34Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ethosu: reject DMA commands with uninitialized length\n\ncmd_state_init() initializes the command state with memset(0xff),\nleaving dma-\u003elen at U64_MAX to signal missing setup. The only setter\nis NPU_SET_DMA0_LEN; if userspace omits this command and issues\nNPU_OP_DMA_START, dma-\u003elen remains U64_MAX.\n\nIn dma_length(), a positive stride added to U64_MAX wraps to a small\nvalue. With size0 == 1, check_mul_overflow() does not trigger and\ndma_length() returns 0 instead of U64_MAX. The caller\u0027s U64_MAX check\nthen passes, region_size[] stays 0, and the bounds check in\nethosu_job.c is bypassed, allowing hardware to execute DMA with stale\nphysical addresses.\n\nFix by checking for U64_MAX at the start of dma_length() before any\narithmetic, consistent with the sentinel value used throughout the\ndriver to detect uninitialized fields.",
"id": "GHSA-8pg6-rv6x-wjc2",
"modified": "2026-06-28T09:31:42Z",
"published": "2026-06-25T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53170"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9d021218162b6c4fe0bdf42b2b340f1aae23a12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb25c76a820ca8a547aa478bfb503da0a11494ab"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8V27-H3MH-WX6M
Vulnerability from github – Published: 2023-08-15 00:31 – Updated: 2024-04-04 06:56In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21276"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-14T22:15:12Z",
"severity": "MODERATE"
},
"details": "In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n",
"id": "GHSA-8v27-h3mh-wx6m",
"modified": "2024-04-04T06:56:48Z",
"published": "2023-08-15T00:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21276"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/1272eec833fb49c30a4d8bdc432765e7c4413b3f"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.