English
Français
Light
Dark
System

CVEFind - Alertes CVE

Restez informé en continue
Créer un compte Ouvrez un compte Simple et Gratuit Se connecter Gérez vos alertes

CWE-909 Detail

CWE-909

Missing Initialization of Resource
MEDIUM
Incomplete
2013-02-21 00:00 +00:00
2023-10-26 00:00 +00:00
CWE Mitre.org

Alerte pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.
Gestion des alertes

Missing Initialization of Resource

The product does not initialize a critical resource.

Extended Description

Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.

Informations

Modes Of Introduction

Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
ConfidentialityRead Memory, Read Application Data

Note: When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
AvailabilityDoS: Crash, Exit, or Restart

Note: The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.

Observed Examples

Reference Description
CVE-2020-20739A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage
CVE-2005-1036Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap

Potential Mitigations

Phases : Implementation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps.
Phases : Implementation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Phases : Implementation
Avoid race conditions (CWE-362) during initialization routines.
Phases : Build and Compilation
Run or compile your product with settings that generate warnings about uninitialized variables or data.

Vulnerability Mapping Notes

Rationale : This CWE entry is a Class and might have Base-level children that would be more appropriate
Comments : Examine children of this entry to see if there is a better fit

Submission

Name Organization Date Date Release Version
CWE Content Team MITRE 2012-12-21 +00:00 2013-02-21 +00:00 2.4

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2019-06-20 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Demonstrative_Examples, Observed_Examples
CWE Content Team MITRE 2023-01-31 +00:00 updated Description, Potential_Mitigations, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Mapping_Notes, Type

Plus d'informations
Cliquez sur le bouton à gauche (OFF), pour autoriser l'inscription de cookie améliorant les fonctionnalités du site. Cliquez sur le bouton à gauche (Tout accepter), pour ne plus autoriser l'inscription de cookie améliorant les fonctionnalités du site.