CWE-665
DiscouragedImproper Initialization
Abstraction: Class · Status: Draft
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
425 vulnerabilities reference this CWE, most recent first.
GHSA-7X5C-HVWV-CHX9
Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-16 19:00Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2022-37334"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-11T16:15:00Z",
"severity": "HIGH"
},
"details": "Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-7x5c-hvwv-chx9",
"modified": "2022-11-16T19:00:28Z",
"published": "2022-11-11T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37334"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-83R5-W7X4-GJJW
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2023-01-09 18:30A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2020-9863"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-22T18:15:00Z",
"severity": "HIGH"
},
"details": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-83r5-w7x4-gjjw",
"modified": "2023-01-09T18:30:24Z",
"published": "2022-05-24T17:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9863"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211288"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211289"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211290"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-86WF-436M-H424
Vulnerability from github – Published: 2022-01-06 20:30 – Updated: 2021-03-31 21:09A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "http-proxy-agent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10196"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-22T22:28:09Z",
"nvd_published_at": "2021-03-19T20:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.",
"id": "GHSA-86wf-436m-h424",
"modified": "2021-03-31T21:09:25Z",
"published": "2022-01-06T20:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10196"
},
{
"type": "WEB",
"url": "https://github.com/TooTallNate/node-http-proxy-agent/commit/b7b7cc793c3226aa83f820ce5c277e81862d32eb"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567245"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/607"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Resource Exhaustion Denial of Service in http-proxy-agent "
}
GHSA-8799-XC4M-6FCP
Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2024-26021"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T22:15:31Z",
"severity": "MODERATE"
},
"details": "Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.",
"id": "GHSA-8799-xc4m-6fcp",
"modified": "2025-02-13T00:33:04Z",
"published": "2025-02-13T00:33:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26021"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-87QR-9Q4H-M9JH
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
{
"affected": [],
"aliases": [
"CVE-2020-3573"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-06T19:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.",
"id": "GHSA-87qr-9q4h-m9jh",
"modified": "2022-05-24T17:33:21Z",
"published": "2022-05-24T17:33:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3573"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1362"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-87VR-968R-R3QP
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
{
"affected": [],
"aliases": [
"CVE-2017-12164"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-26T16:29:00Z",
"severity": "MODERATE"
},
"details": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen.",
"id": "GHSA-87vr-968r-r3qp",
"modified": "2022-05-13T01:38:14Z",
"published": "2022-05-13T01:38:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12164"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87WQ-V8R3-XXX5
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2024-10-08 18:32Windows Installer Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-1661"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-12T20:15:00Z",
"severity": "HIGH"
},
"details": "Windows Installer Elevation of Privilege Vulnerability",
"id": "GHSA-87wq-v8r3-xxx5",
"modified": "2024-10-08T18:32:57Z",
"published": "2022-05-24T17:38:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1661"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1661"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1661"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-88G8-F5MF-F5RJ
Vulnerability from github – Published: 2022-02-05 00:00 – Updated: 2022-02-11 16:20In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-46320"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-11T16:20:03Z",
"nvd_published_at": "2022-02-04T12:15:00Z",
"severity": "HIGH"
},
"details": "In OpenZeppelin \u003c=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.",
"id": "GHSA-88g8-f5mf-f5rj",
"modified": "2022-02-11T16:20:03Z",
"published": "2022-02-05T00:00:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9c22-pwxw-p6hx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46320"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3006"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.4.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Initialization in OpenZeppelin"
}
GHSA-89R7-5W6C-HQPP
Vulnerability from github – Published: 2023-03-10 03:30 – Updated: 2023-03-15 18:30WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
{
"affected": [],
"aliases": [
"CVE-2023-27115"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T02:15:00Z",
"severity": "MODERATE"
},
"details": "WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.",
"id": "GHSA-89r7-5w6c-hqpp",
"modified": "2023-03-15T18:30:29Z",
"published": "2023-03-10T03:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27115"
},
{
"type": "WEB",
"url": "https://github.com/WebAssembly/wabt/issues/1938"
},
{
"type": "WEB",
"url": "https://github.com/WebAssembly/wabt/issues/1992"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8H9X-6778-M2FG
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2020-10138"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-21T14:15:00Z",
"severity": "HIGH"
},
"details": "Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.",
"id": "GHSA-8h9x-6778-m2fg",
"modified": "2022-05-24T17:31:22Z",
"published": "2022-05-24T17:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10138"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/114757"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable's type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile your product with settings that generate warnings about uninitialized variables or data.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.