Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-489C-C5FF-93GR

Vulnerability from github – Published: 2025-10-13 12:31 – Updated: 2025-10-13 12:31
VLAI
Details

A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-13T10:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD).\nRefer to the \u0027Security Update for Armoury Crate App\u0027 section on the ASUS Security Advisory for more information.",
  "id": "GHSA-489c-c5ff-93gr",
  "modified": "2025-10-13T12:31:11Z",
  "published": "2025-10-13T12:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9337"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/security-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-48CF-Q482-5PP4

Vulnerability from github – Published: 2022-05-14 01:39 – Updated: 2022-05-14 01:39
VLAI
Details

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-16T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.",
  "id": "GHSA-48cf-q482-5pp4",
  "modified": "2022-05-14T01:39:42Z",
  "published": "2022-05-14T01:39:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6445"
    },
    {
      "type": "WEB",
      "url": "https://dumpco.re/blog/ntpsec-bugs"
    },
    {
      "type": "WEB",
      "url": "https://dumpco.re/bugs/ntpsec-authed-npe"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-48Q6-HPWM-MQH2

Vulnerability from github – Published: 2026-05-27 12:31 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. The socket is only created in bareudp_open() and NULLed in bareudp_stop(), so calling this function while the device is down triggers a NULL dereference via sock->sk.

BUG: kernel NULL pointer dereference, address: 0000000000000018 RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160) Call Trace: bareudp_fill_metadata_dst (drivers/net/bareudp.c:532) do_execute_actions (net/openvswitch/actions.c:901) ovs_execute_actions (net/openvswitch/actions.c:1589) ovs_packet_cmd_execute (net/openvswitch/datapath.c:700) genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114) genl_rcv_msg (net/netlink/genetlink.c:1209) netlink_rcv_skb (net/netlink/af_netlink.c:2550)

Add a NULL check returning -ESHUTDOWN, consistent with the xmit paths in the same driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T11:16:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()\n\nbareudp_fill_metadata_dst() passes bareudp-\u003esock to\nudp_tunnel6_dst_lookup() in the IPv6 path without a NULL check.\nThe socket is only created in bareudp_open() and NULLed in\nbareudp_stop(), so calling this function while the device is down\ntriggers a NULL dereference via sock-\u003esk.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160)\n Call Trace:\n  \u003cTASK\u003e\n  bareudp_fill_metadata_dst (drivers/net/bareudp.c:532)\n  do_execute_actions (net/openvswitch/actions.c:901)\n  ovs_execute_actions (net/openvswitch/actions.c:1589)\n  ovs_packet_cmd_execute (net/openvswitch/datapath.c:700)\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114)\n  genl_rcv_msg (net/netlink/genetlink.c:1209)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  \u003c/TASK\u003e\n\nAdd a NULL check returning -ESHUTDOWN, consistent with the xmit paths\nin the same driver.",
  "id": "GHSA-48q6-hpwm-mqh2",
  "modified": "2026-06-25T21:31:18Z",
  "published": "2026-05-27T12:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45846"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31e010a106ff6cd8ccac4bfee547fd3fa1015574"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51eef9c072aa3405a6823a96ae666d38a3b48750"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55193df8d6d33318435f19572bf5ea47a22eee28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-48V5-HP4G-W2RV

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-28T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba\u0027s AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.",
  "id": "GHSA-48v5-hp4g-w2rv",
  "modified": "2022-05-13T01:34:05Z",
  "published": "2022-05-13T01:34:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16851"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-52"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181127-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3827-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3827-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4345"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2018-16851.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-48WW-VPPQ-9C8V

Vulnerability from github – Published: 2024-03-04 21:31 – Updated: 2025-01-07 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf

In commit 41ca9caaae0b ("drm/mediatek: hdmi: Add check for CEA modes only") a check for CEA modes was added to function mtk_hdmi_bridge_mode_valid() in order to address possible issues on MT8167; moreover, with commit c91026a938c2 ("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock") another similar check was introduced.

Unfortunately though, at the time of writing, MT8173 does not provide any mtk_hdmi_conf structure and this is crashing the kernel with NULL pointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as soon as a HDMI cable gets plugged in.

To fix this regression, add a NULL pointer check for hdmi->conf in the said function, restoring HDMI functionality and avoiding NULL pointer kernel panics.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47108"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-04T19:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf\n\nIn commit 41ca9caaae0b\n(\"drm/mediatek: hdmi: Add check for CEA modes only\") a check\nfor CEA modes was added to function mtk_hdmi_bridge_mode_valid()\nin order to address possible issues on MT8167;\nmoreover, with commit c91026a938c2\n(\"drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock\")\nanother similar check was introduced.\n\nUnfortunately though, at the time of writing, MT8173 does not provide\nany mtk_hdmi_conf structure and this is crashing the kernel with NULL\npointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as\nsoon as a HDMI cable gets plugged in.\n\nTo fix this regression, add a NULL pointer check for hdmi-\u003econf in the\nsaid function, restoring HDMI functionality and avoiding NULL pointer\nkernel panics.",
  "id": "GHSA-48ww-vppq-9c8v",
  "modified": "2025-01-07T21:30:54Z",
  "published": "2024-03-04T21:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47108"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b8e19a0aa3933a785be9f1541afd8d398c4ec69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/71d07ebc5000b9c1d140e99e7493b0bafa954776"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4929-6X76-2XPW

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211_hwsim: Fix possible NULL dereference

In a call to mac80211_hwsim_select_tx_link() the sta pointer might be NULL, thus need to check that it is not NULL before accessing it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: Fix possible NULL dereference\n\nIn a call to mac80211_hwsim_select_tx_link() the sta pointer might\nbe NULL, thus need to check that it is not NULL before accessing it.",
  "id": "GHSA-4929-6x76-2xpw",
  "modified": "2025-12-04T15:30:31Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53209"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0cc80943ef518a1c51a1111e9346d1daf11dd545"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8a20fed3e05b3a6866c5c58855deaf3c217ccd6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0124848c7940aba73492e282506b32a13f2e30e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4939-R4RQ-G58F

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI
Details

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-19T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-4939-r4rq-g58f",
  "modified": "2022-05-24T17:04:43Z",
  "published": "2022-05-24T17:04:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16463"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-495H-G8P3-VVQ5

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service.",
  "id": "GHSA-495h-g8p3-vvq5",
  "modified": "2022-05-24T19:15:04Z",
  "published": "2022-05-24T19:15:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39597"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthiaskramm/swftools/issues/143"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-495Q-R22G-59M9

Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()

The returned value, pfsm->miscdev.name, from devm_kasprintf() could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c").

This issue is found by our static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T13:15:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()\n\nThe returned value, pfsm-\u003emiscdev.name, from devm_kasprintf()\ncould be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool.",
  "id": "GHSA-495q-r22g-59m9",
  "modified": "2025-11-19T21:31:16Z",
  "published": "2025-07-25T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38368"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a10c8bff454b11ef553d9df19ee722d2df34cd0e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8d1b4f219e8833130927f19d1c8bfbf49215ce4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a99b598d836c9c6411110c70a2da134c78d96e67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d27ee5c59881a64ea92e363502742cb4f38b7460"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-49C5-7MR2-4W43

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-11 00:00
VLAI
Details

A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-18730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-23T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).",
  "id": "GHSA-49c5-7mr2-4w43",
  "modified": "2022-07-11T00:00:23Z",
  "published": "2022-05-24T19:11:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18730"
    },
    {
      "type": "WEB",
      "url": "https://github.com/airpig2011/IEC104/issues/4"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/476.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.