CWE • Class • Incomplete • 0 recent CVEs
CWE-1419: Incorrect Initialization of Resource
Description
The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when it is accessed.
Common consequences
- Confidentiality → Read Memory, Read Application Data, Unexpected State
- Authorization, Integrity → Gain Privileges or Assume Identity
- Other → Varies by Context. The technical impact can vary widely based on how the resource is used in the product, and whether its contents affect security decisions.
Potential mitigations
- Implementation: Choose the safest-possible initialization for security-related resources.
- Implementation: Ensure that each resource (whether variable, memory buffer, register, etc.) is fully initialized.
- Implementation: Pay close attention to complex conditionals or reset sources that affect initialization, since some paths might not perform the initialization.
- Architecture and Design: Ensure that the design and architecture clearly identify what the initialization should be, and that the initialization does not have security implications.