CWE-909
Missing Initialization of Resource
AI Translation Available
The product does not initialize a critical resource.
Status
incomplete
Abstraction
class
Likelihood
medium
Affected Platforms
Extended Description
AI Translation
Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.
Technical Details
AI Translation
Common Consequences
confidentiality
availability
Impacts
read memory
read application data
dos: crash, exit, or restart
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
build and compilation
Descriptions:
•
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps.
•
Avoid race conditions (CWE-362) during initialization routines.
•
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
•
Run or compile your product with settings that generate warnings about uninitialized variables or data.