CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-C4M7-C462-XMQC
Vulnerability from github – Published: 2022-09-19 00:00 – Updated: 2024-03-25 03:31drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
{
"affected": [],
"aliases": [
"CVE-2022-40768"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-18T05:15:00Z",
"severity": "MODERATE"
},
"details": "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",
"id": "GHSA-c4m7-c462-xmqc",
"modified": "2024-03-25T03:31:43Z",
"published": "2022-09-19T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40768"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20220908145154.2284098-1-gregkh%40linuxfoundation.org"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20220908145154.2284098-1-gregkh@linuxfoundation.org"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/09/09/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/09/19/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C57M-77H8-88CM
Vulnerability from github – Published: 2021-12-23 00:00 – Updated: 2022-04-20 00:01When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.
{
"affected": [],
"aliases": [
"CVE-2021-40418"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-22T19:15:00Z",
"severity": "CRITICAL"
},
"details": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application.",
"id": "GHSA-c57m-77h8-88cm",
"modified": "2022-04-20T00:01:54Z",
"published": "2021-12-23T00:00:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40418"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5F3-HWJ2-XP5P
Vulnerability from github – Published: 2026-06-28 03:33 – Updated: 2026-06-28 03:33libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server offering the publickey subsystem can use a malformed response to make cleanup free an uninitialized, attacker-influenceable attrs pointer in a connecting libssh2 client.
{
"affected": [],
"aliases": [
"CVE-2026-58051"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-28T02:16:32Z",
"severity": "HIGH"
},
"details": "libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server offering the publickey subsystem can use a malformed response to make cleanup free an uninitialized, attacker-influenceable attrs pointer in a connecting libssh2 client.",
"id": "GHSA-c5f3-hwj2-xp5p",
"modified": "2026-06-28T03:33:40Z",
"published": "2026-06-28T03:33:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58051"
},
{
"type": "WEB",
"url": "https://github.com/bikini/exploitarium/tree/main/libssh2-publickey-list-calc-poc"
},
{
"type": "WEB",
"url": "https://github.com/libssh2/libssh2/blob/master/src/publickey.c"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/libssh2-free-of-uninitialized-pointer-in-publickey-list-cleanup"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C5JX-H8PX-JRGH
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
{
"affected": [],
"aliases": [
"CVE-2025-33070"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:22:55Z",
"severity": "HIGH"
},
"details": "Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.",
"id": "GHSA-c5jx-h8px-jrgh",
"modified": "2025-06-10T18:32:29Z",
"published": "2025-06-10T18:32:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33070"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C6F2-MJ5C-WFQ2
Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-04-08 00:00A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
{
"affected": [],
"aliases": [
"CVE-2022-0494"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.",
"id": "GHSA-c6f2-mj5c-wfq2",
"modified": "2022-04-08T00:00:38Z",
"published": "2022-03-26T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0494"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C6GV-GFXC-VRWH
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
mptcp: ensure snd_una is properly initialized on connect
This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_una is still left uninitialized.
Address the issue explicitly initializing snd_una together with snd_nxt and write_seq.
{
"affected": [],
"aliases": [
"CVE-2024-40931"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq.",
"id": "GHSA-c6gv-gfxc-vrwh",
"modified": "2025-11-04T00:30:54Z",
"published": "2024-07-12T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40931"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C79W-GFJX-CCFH
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2017-5103"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-27T05:29:00Z",
"severity": "MODERATE"
},
"details": "Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"id": "GHSA-c79w-gfjx-ccfh",
"modified": "2022-05-13T01:02:40Z",
"published": "2022-05-13T01:02:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1833"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/726199"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-15"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3926"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C876-C6QG-3CQ5
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-29959"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:56Z",
"severity": "MODERATE"
},
"details": "Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-c876-c6qg-3cq5",
"modified": "2025-05-13T18:30:54Z",
"published": "2025-05-13T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29959"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C8GP-PFR5-2MM3
Vulnerability from github – Published: 2024-03-18 12:30 – Updated: 2024-10-31 18:31In the Linux kernel, the following vulnerability has been resolved:
nbd: always initialize struct msghdr completely
syzbot complains that msg->msg_get_inq value can be uninitialized [1]
struct msghdr got many new fields recently, we should always make sure their values is zero by default.
[1] BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x12b/0x1e0 net/socket.c:1066 __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700 worker_thread+0xf45/0x1490 kernel/workqueue.c:2781 kthread+0x3ed/0x540 kernel/kthread.c:388 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
Local variable msg created at: __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863
CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: nbd5-recv recv_work
{
"affected": [],
"aliases": [
"CVE-2024-26638"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-18T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: always initialize struct msghdr completely\n\nsyzbot complains that msg-\u003emsg_get_inq value can be uninitialized [1]\n\nstruct msghdr got many new fields recently, we should always make\nsure their values is zero by default.\n\n[1]\n BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\n tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\n inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg+0x12b/0x1e0 net/socket.c:1066\n __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538\n nbd_read_reply drivers/block/nbd.c:732 [inline]\n recv_work+0x262/0x3100 drivers/block/nbd.c:863\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700\n worker_thread+0xf45/0x1490 kernel/workqueue.c:2781\n kthread+0x3ed/0x540 kernel/kthread.c:388\n ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n\nLocal variable msg created at:\n __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513\n nbd_read_reply drivers/block/nbd.c:732 [inline]\n recv_work+0x262/0x3100 drivers/block/nbd.c:863\n\nCPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: nbd5-recv recv_work",
"id": "GHSA-c8gp-pfr5-2mm3",
"modified": "2024-10-31T18:31:15Z",
"published": "2024-03-18T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26638"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1960f2b534da1e6c65fb96f9e98bda773495f406"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78fbb92af27d0982634116c7a31065f24d092826"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0028f333420a65a53a63978522db680b37379dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9c54763e5cdbbd3f81868597fe8aca3c96e6387"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C9J5-MRJC-HX8M
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
{
"affected": [],
"aliases": [
"CVE-2019-19535"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-03T16:15:00Z",
"severity": "LOW"
},
"details": "In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.",
"id": "GHSA-c9j5-mrjc-hx8m",
"modified": "2022-05-24T17:02:36Z",
"published": "2022-05-24T17:02:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19535"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.