CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
Status
incomplete
Abstraction
base
Likelihood
medium
Affected Platforms
Extended Description
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Technical Details
Common Consequences
confidentiality
availability
Impacts
read memory
read application data
dos: crash, exit, or restart
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
build and compilation
Descriptions:
• Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
• Run or compile the product with settings that generate warnings about uninitialized variables or data.
• Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
• Avoid race conditions (CWE-362) during initialization routines.
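The first and third mitigations, shown as an added C example that is not part of the CWE entry: a conditional in which some branches skip initialization, beside a hardened form that initializes before branching. The `reply` record, the request types and all function names are hypothetical, and the `'S'` fill is a constructed stand-in for stale memory so the effect is observable without undefined behavior.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical reply record and request types, used only in this example. */
struct reply { char body[16]; size_t len; };
enum { REQ_PING = 1, REQ_ECHO = 2 };

/* Copy src into out->body, truncating to fit and NUL-terminating. */
static void set_body(struct reply *out, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof out->body) n = sizeof out->body - 1;
    memcpy(out->body, src, n);
    out->body[n] = '\0';
    out->len = n;
}

/* Weak: an unknown type, or REQ_ECHO with a NULL argument, falls through
 * every branch. *out is never written, yet the function reports success. */
int build_reply_weak(int type, const char *arg, struct reply *out)
{
    if (type == REQ_PING)
        set_body(out, "pong");
    else if (type == REQ_ECHO && arg != NULL)
        set_body(out, arg);
    return 0;
}

/* Hardened: initialize first; fail on paths that produce no reply. */
int build_reply_safe(int type, const char *arg, struct reply *out)
{
    memset(out, 0, sizeof *out);
    if (type == REQ_PING)
        set_body(out, "pong");
    else if (type == REQ_ECHO && arg != NULL)
        set_body(out, arg);
    else
        return -1;
    return 0;
}

/* Returns 1 if fn reports success while the caller's storage still holds
 * its old contents. The 'S' fill is a constructed stand-in for stale memory. */
int stale_data_exposed(int (*fn)(int, const char *, struct reply *), int type)
{
    struct reply r;
    memset(&r, 'S', sizeof r);
    return fn(type, NULL, &r) == 0 && r.body[0] == 'S';
}
```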