CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-77GP-5353-3F92
Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: the warning dereferencing obj for nbio_v7_4
if ras_manager obj null, don't print NBIO err data
{
"affected": [],
"aliases": [
"CVE-2024-46819"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T13:15:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: the warning dereferencing obj for nbio_v7_4\n\nif ras_manager obj null, don\u0027t print NBIO err data",
"id": "GHSA-77gp-5353-3f92",
"modified": "2025-11-04T00:31:30Z",
"published": "2024-09-27T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46819"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77MF-4F6X-V3H7
Vulnerability from github – Published: 2022-05-14 01:19 – Updated: 2022-05-14 01:19IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2016-4627"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-22T02:59:00Z",
"severity": "HIGH"
},
"details": "IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.",
"id": "GHSA-77mf-4f6x-v3h7",
"modified": "2022-05-14T01:19:04Z",
"published": "2022-05-14T01:19:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4627"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206902"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206904"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206905"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91831"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77Q9-R57C-2V78
Vulnerability from github – Published: 2022-05-17 02:45 – Updated: 2022-05-17 02:45All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2017-0341"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-09T21:29:00Z",
"severity": "HIGH"
},
"details": "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.",
"id": "GHSA-77q9-r57c-2v78",
"modified": "2022-05-17T02:45:14Z",
"published": "2022-05-17T02:45:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0341"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77QX-69HX-PMQH
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2020-16599"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.",
"id": "GHSA-77qx-69hx-pmqh",
"modified": "2022-05-24T17:35:30Z",
"published": "2022-05-24T17:35:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16599"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210122-0003"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25842"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77RF-83G8-2RFH
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-07-08 15:31In the Linux kernel, the following vulnerability has been resolved:
media: intel/ipu6: fix error pointer dereference
In a error path isp->psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set to NULL before going to out_ipu6_bus_del_devices.
Detected by Smatch: drivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error: 'isp->psys' dereferencing possible ERR_PTR()
[Sakari Ailus: Fix commit message.]
{
"affected": [],
"aliases": [
"CVE-2026-46313"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T17:16:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: intel/ipu6: fix error pointer dereference\n\nIn a error path isp-\u003epsys is confirmed to be an error pointer not NULL so\nthis condition is true and the error pointer is dereferenced. So isp-psys\nshould be set to NULL before going to out_ipu6_bus_del_devices.\n\nDetected by Smatch:\ndrivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error:\n\u0027isp-\u003epsys\u0027 dereferencing possible ERR_PTR()\n\n[Sakari Ailus: Fix commit message.]",
"id": "GHSA-77rf-83g8-2rfh",
"modified": "2026-07-08T15:31:36Z",
"published": "2026-06-08T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46313"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8dd088b8b106f7b119664f965b691785998edcfb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c352f90e093ae49902e47f41579e1aa41899ff64"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f43e30646fc93799f3f48530d0ccbd52902c0541"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fad134c446189e9bb48cea1a5ca426d2889a9c71"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77RM-9X9H-XJ3G
Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2025-08-25 22:36Withdrawn Advisory
This advisory has been withdrawn because the protobuf vulnerability comes from the compiler rather that the code. This link is maintained to preserve external references.
Original Description
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Google.Protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "google/protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.google.protobuf:protobuf-java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/protocolbuffers/protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20210218195015-ae50d9b99025"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/protocolbuffers/protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
},
{
"fixed": "3.15.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-22570"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-03T22:48:51Z",
"nvd_published_at": "2022-01-26T14:15:00Z",
"severity": "HIGH"
},
"details": "### Withdrawn Advisory\n\nThis advisory has been withdrawn because the protobuf vulnerability comes from the compiler rather that the code. This link is maintained to preserve external references.\n\n### Original Description\n\nNullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file\u0027s name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.",
"id": "GHSA-77rm-9x9h-xj3g",
"modified": "2025-08-25T22:36:48Z",
"published": "2022-01-27T00:01:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-77rm-9x9h-xj3g"
},
{
"type": "PACKAGE",
"url": "https://github.com/protocolbuffers/protobuf"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220429-0005"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers",
"withdrawn": "2025-08-25T22:36:48Z"
}
GHSA-77VJ-3799-5PRC
Vulnerability from github – Published: 2025-12-03 18:30 – Updated: 2025-12-03 21:31An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-54326"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-03T17:15:52Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.",
"id": "GHSA-77vj-3799-5prc",
"modified": "2025-12-03T21:31:04Z",
"published": "2025-12-03T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54326"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54326"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77VJ-9QXR-P2QF
Vulnerability from github – Published: 2023-06-06 06:30 – Updated: 2024-04-04 04:33In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
{
"affected": [],
"aliases": [
"CVE-2022-48445"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T06:15:50Z",
"severity": "MODERATE"
},
"details": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.",
"id": "GHSA-77vj-9qxr-p2qf",
"modified": "2024-04-04T04:33:05Z",
"published": "2023-06-06T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48445"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77X5-PWH8-3QQ8
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-11-12 18:31In the Linux kernel, the following vulnerability has been resolved:
fscrypt: destroy keyring after security_sb_delete()
fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landlock LSM don't get evicted until security_sb_delete(), this means that fscrypt_destroy_keyring() must be called after security_sb_delete().
This fixes a WARN_ON followed by a NULL dereference, only possible if Landlock was being used on encrypted files.
{
"affected": [],
"aliases": [
"CVE-2023-53055"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: destroy keyring after security_sb_delete()\n\nfscrypt_destroy_keyring() must be called after all potentially-encrypted\ninodes were evicted; otherwise it cannot safely destroy the keyring.\nSince inodes that are in-use by the Landlock LSM don\u0027t get evicted until\nsecurity_sb_delete(), this means that fscrypt_destroy_keyring() must be\ncalled *after* security_sb_delete().\n\nThis fixes a WARN_ON followed by a NULL dereference, only possible if\nLandlock was being used on encrypted files.",
"id": "GHSA-77x5-pwh8-3qq8",
"modified": "2025-11-12T18:31:04Z",
"published": "2025-05-02T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53055"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/497ab5d9c7852dfedab2c9de75e41b60e54b7c5d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/992a3f3e8a0c92151dfdf65fc85567c865fd558a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ccb820dc7d2236b1af0d54ae038a27b5b6d5ae5a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d77531fac6a1fd9f1db0195438ba5419d72b96c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77XX-WX8P-7PFJ
Vulnerability from github – Published: 2022-03-04 00:00 – Updated: 2022-03-17 00:04A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-23180"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-02T23:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service.",
"id": "GHSA-77xx-wx8p-7pfj",
"modified": "2022-03-17T00:04:04Z",
"published": "2022-03-04T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23180"
},
{
"type": "WEB",
"url": "https://github.com/michaelrsweet/htmldoc/issues/418"
},
{
"type": "WEB",
"url": "https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967041"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2021-23180"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.