CWE-456
Missing Initialization of a Variable
Description
The product does not initialize critical variables, which causes the execution environment to use unexpected values.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Unexpected State, Quality Degradation, Varies by Context
Potential Mitigations
Ensure that critical variables are initialized before first use [REF-1485].
Choose a language that is not susceptible to these issues.
CVE-2020-6078Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)
CVE-2019-3836Chain: secure communications library does not initialize a local variable for a data structure (CWE-456), leading to access of an uninitialized pointer (CWE-824).
CVE-2018-14641Chain: C union member is not initialized (CWE-456), leading to access of invalid pointer (CWE-824)
CVE-2009-2692Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476)
CVE-2020-20739A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage
CVE-2005-2978Product uses uninitialized variables for size and index, leading to resultant buffer overflow.
CVE-2005-2109Internal variable in PHP application is not initialized, allowing external modification.
CVE-2005-2193Array variable not initialized in PHP application, leading to resultant SQL injection.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now