CWE • Base • Incomplete • 20 recent CVEs
CWE-908: Use of Uninitialized Resource
Description
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Common consequences
- Confidentiality → Read Memory, Read Application Data: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
- Availability → DoS: Crash, Exit, or Restart: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.
Potential mitigations
- Implementation: Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
- Implementation: Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
- Implementation: Avoid race conditions (CWE-362) during initialization routines.
- Build and Compilation: Run or compile the product with settings that generate warnings about uninitialized variables or data.
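The confidentiality consequence and the first mitigation above, shown side by side as an added example (not part of the CWE entry): a reused reply buffer that is only partly overwritten, next to the version that clears it before use. The names `struct reply`, `slot`, `build_reply_weak`, `build_reply_safe` and `leaked_bytes` are hypothetical, and the token string is a constructed sample value.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32

/* Fixed-size record sent verbatim to the client (constructed for this example). */
struct reply {
    unsigned char name[NAME_LEN];
};

/* One reused slot: models a pooled buffer shared across requests. */
static struct reply slot;

/* Weak: writes only the bytes it needs; the rest of the slot is whatever
 * the previous request left there, yet the whole struct goes on the wire. */
static const struct reply *build_reply_weak(const char *name)
{
    size_t n = strlen(name);
    if (n > NAME_LEN)
        n = NAME_LEN;
    memcpy(slot.name, name, n);
    return &slot;
}

/* Hardened: explicitly initialize the whole resource, then fill it. */
static const struct reply *build_reply_safe(const char *name)
{
    memset(&slot, 0, sizeof slot);
    return build_reply_weak(name);
}

/* Serve one request carrying sensitive data, then an unrelated short one;
 * return how many bytes of the first request survive in the second reply. */
static size_t leaked_bytes(int hardened)
{
    const struct reply *(*build)(const char *) =
        hardened ? build_reply_safe : build_reply_weak;
    size_t i, leaked = 0;

    memset(&slot, 0, sizeof slot);            /* fresh process state */
    build("alice:token=5f2a9c7e");            /* constructed sample value */
    const struct reply *r = build("bob");
    for (i = strlen("bob"); i < NAME_LEN; i++)
        leaked += (r->name[i] != 0);
    return leaked;
}

int main(void)
{
    printf("weak: %zu stale bytes, hardened: %zu\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The example uses a static slot so the stale contents are well defined; with a genuinely uninitialized stack or heap object the leaked bytes are unpredictable, which is why compiler warnings alone do not catch every case.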
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-48104, 4.2, 2026-06-05
- CVE-2026-48101, 6.5, 2026-06-05
- CVE-2026-11089, 6.5, 2026-06-04
- CVE-2026-26825, 5.3, 2026-06-03
- CVE-2026-47272, 7.1, 2026-05-27
- CVE-2026-32814, 6.5, 2026-05-19
- CVE-2026-45736, 4.4, 2026-05-15
- CVE-2025-48513, 2026-05-15
- CVE-2026-40364, 8.4, 2026-05-12
- CVE-2026-43474, 5.5, 2026-05-08
- CVE-2026-43472, 5.5, 2026-05-08
- CVE-2026-43456, 7.8, 2026-05-08
- CVE-2026-43405, 7.5, 2026-05-08
- CVE-2026-43349, 5.5, 2026-05-08
- CVE-2026-43291, 8.3, 2026-05-08
- CVE-2026-43288, 5.5, 2026-05-08
- CVE-2026-43221, 5.5, 2026-05-06
- CVE-2026-43160, 5.5, 2026-05-06
- CVE-2026-43139, 8.6, 2026-05-06
- CVE-2026-43036, 5.5, 2026-05-01