Common Weakness Enumeration
CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
821 vulnerabilities reference this CWE, most recent first.
GHSA-XXQ4-9C68-6533
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30
VLAI
Details
Windows Authentication Information Disclosure Vulnerability
Severity
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-38254"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:31Z",
"severity": "MODERATE"
},
"details": "Windows Authentication Information Disclosure Vulnerability",
"id": "GHSA-xxq4-9c68-6533",
"modified": "2024-09-10T18:30:46Z",
"published": "2024-09-10T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38254"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38254"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Implementation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Implementation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Implementation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Build and Compilation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.