Common Weakness Enumeration

CWE-909

Allowed-with-Review

Missing Initialization of Resource

Abstraction: Class · Status: Incomplete

The product does not initialize a critical resource.

96 vulnerabilities reference this CWE, most recent first.

CVE-2021-3655 (GCVE-0-2021-3655)

Vulnerability from cvelistv5 – Published: 2021-08-05 20:48 – Updated: 2024-08-03 17:01
VLAI
Summary
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a kernel Affected: kernel v5.14-rc1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
          },
          {
            "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
          },
          {
            "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel v5.14-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-909",
              "description": "CWE-909",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-17T00:06:30.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
        },
        {
          "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
        },
        {
          "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel v5.14-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-909"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
            },
            {
              "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
            },
            {
              "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3655",
    "datePublished": "2021-08-05T20:48:04.000Z",
    "dateReserved": "2021-07-20T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12523 (GCVE-0-2020-12523)

Vulnerability from cvelistv5 – Published: 2020-12-17 22:43 – Updated: 2024-09-16 19:04
VLAI
Title
Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration
Summary
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource
CWE
  • CWE-909 - Missing Initialization of Resource
Assigner
References
Date Public
2020-12-17 00:00
Credits
Discovered by SMST Designers & Constructors B.V., Phoenix Contact reported to CERT@VDE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TC MGUARD RS4000 4G VZW VPN (1010461)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TC MGUARD RS4000 4G ATT VPN (1010463)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "FL MGUARD RS4004 TX/DTX (2701876)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TC MGUARD RS4000 3G VPN (2903440)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TC MGUARD RS4000 4G VPN (2903586)",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Innominate mGuard rs4000 4TX/TX",
          "vendor": "Innominate",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Innominate mGuard rs4000 4TX/TX VPN",
          "vendor": "Innominate",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Innominate mGuard rs4000 4TX/3G/TX VPN",
          "vendor": "Innominate",
          "versions": [
            {
              "lessThan": "8.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by SMST Designers \u0026 Constructors B.V., Phoenix Contact reported to CERT@VDE"
        }
      ],
      "datePublic": "2020-12-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-909",
              "description": "CWE-909 Missing Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-17T22:43:14.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3."
        }
      ],
      "source": {
        "advisory": "VDE-2020-046",
        "defect": [
          "VDE-2020-046"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration",
      "workarounds": [
        {
          "lang": "en",
          "value": "Instead of deactivating by configuration, network cables should be detached from affected switch ports."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
          "ID": "CVE-2020-12523",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TC MGUARD RS4000 4G VZW VPN (1010461)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TC MGUARD RS4000 4G ATT VPN (1010463)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FL MGUARD RS4004 TX/DTX (2701876)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TC MGUARD RS4000 3G VPN (2903440)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TC MGUARD RS4000 4G VPN (2903586)",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Innominate mGuard rs4000 4TX/TX",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Innominate mGuard rs4000 4TX/TX VPN",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Innominate mGuard rs4000 4TX/3G/TX VPN",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "8.8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Innominate"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Discovered by SMST Designers \u0026 Constructors B.V., Phoenix Contact reported to CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource"
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-909 Missing Initialization of Resource"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-046",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3."
          }
        ],
        "source": {
          "advisory": "VDE-2020-046",
          "defect": [
            "VDE-2020-046"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Instead of deactivating by configuration, network cables should be detached from affected switch ports."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12523",
    "datePublished": "2020-12-17T22:43:14.788Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:04:46.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3804 (GCVE-0-2019-3804)

Vulnerability from cvelistv5 – Published: 2019-03-26 00:00 – Updated: 2024-08-04 19:19
VLAI
Summary
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
CWE
Assigner
Impacted products
Vendor Product Version
[UNKNOWN] cockpit Affected: 184
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:1569",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1569"
          },
          {
            "name": "RHSA-2019:1571",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1571"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cockpit-project/cockpit/pull/10819"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cockpit",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "184"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that cockpit before version 184 used glib\u0027s base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-909",
              "description": "CWE-909",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2019:1569",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1569"
        },
        {
          "name": "RHSA-2019:1571",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1571"
        },
        {
          "url": "https://github.com/cockpit-project/cockpit/pull/10819"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804"
        },
        {
          "url": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3804",
    "datePublished": "2019-03-26T00:00:00.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:19:18.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-24G6-5RX7-58WJ

Vulnerability from github – Published: 2022-01-06 22:18 – Updated: 2022-01-07 16:13
VLAI
Summary
Missing Initialization of Resource in pnet
Details

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pnet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.27.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-25054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-909"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-06T18:31:07Z",
    "nvd_published_at": "2021-12-27T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization.",
  "id": "GHSA-24g6-5rx7-58wj",
  "modified": "2022-01-07T16:13:36Z",
  "published": "2022-01-06T22:18:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25054"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libpnet/libpnet/issues/449"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libpnet/libpnet"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/pnet/RUSTSEC-2019-0037.md"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2019-0037.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing Initialization of Resource in pnet"
}

GHSA-28Q3-MX7C-4CC3

Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-02 00:01
VLAI
Details

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-26T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.",
  "id": "GHSA-28q3-mx7c-4cc3",
  "modified": "2022-09-02T00:01:10Z",
  "published": "2022-08-27T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0175"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0175"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2022-0175"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2M5X-JQMF-GR49

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02
VLAI
Details

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19534"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-03T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.",
  "id": "GHSA-2m5x-jqmf-gr49",
  "modified": "2022-05-24T17:02:35Z",
  "published": "2022-05-24T17:02:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4225-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4226-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4227-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4227-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4228-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4228-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2M75-32F4-6FHR

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data.",
  "id": "GHSA-2m75-32f4-6fhr",
  "modified": "2022-05-24T19:19:07Z",
  "published": "2022-05-24T19:19:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22482"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2R5V-RG6V-8XG5

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-10-27 19:00
VLAI
Details

A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T21:15:00Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.",
  "id": "GHSA-2r5v-rg6v-8xg5",
  "modified": "2022-10-27T19:00:41Z",
  "published": "2022-05-24T19:10:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3655"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32H2-7245-4MH4

Vulnerability from github – Published: 2024-01-04 00:30 – Updated: 2024-01-04 00:30
VLAI
Details

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1319",
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-03T23:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.",
  "id": "GHSA-32h2-7245-4mh4",
  "modified": "2024-01-04T00:30:20Z",
  "published": "2024-01-04T00:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5138"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/069Vm0000004f6DIAQ"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-355F-MPQR-3MWV

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
VLAI
Details

An issue was discovered in LibVNCServer before 0.9.13. There is a memory leak in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-21247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-17T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in LibVNCServer before 0.9.13. There is a memory leak in the libvncclient/rfbproto.c ConnectToRFBRepeater function.",
  "id": "GHSA-355f-mpqr-3mwv",
  "modified": "2022-05-24T17:20:41Z",
  "published": "2022-05-24T17:20:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/issues/253"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile your product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.