CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-9MQ7-FM24-R296
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2025-09-17 21:30In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Init ddp_comp with devm_kcalloc()
In the case where conn_routes is true we allocate an extra slot in
the ddp_comp array but mtk_drm_crtc_create() never seemed to
initialize it in the test case I ran. For me, this caused a later
crash when we looped through the array in mtk_drm_crtc_mode_valid().
This showed up for me when I booted with slub_debug=FZPUA which
poisons the memory initially. Without slub_debug I couldn't
reproduce, presumably because the later code handles the value being
NULL and in most cases (not guaranteed in all cases) the memory the
allocator returned started out as 0.
It really doesn't hurt to initialize the array with devm_kcalloc() since the array is small and the overhead of initting a handful of elements to 0 is small. In general initting memory to zero is a safer practice and usually it's suggested to only use the non-initting alloc functions if you really need to.
Let's switch the function to use an allocation function that zeros the memory. For me, this avoids the crash.
{
"affected": [],
"aliases": [
"CVE-2024-38592"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Init `ddp_comp` with devm_kcalloc()\n\nIn the case where `conn_routes` is true we allocate an extra slot in\nthe `ddp_comp` array but mtk_drm_crtc_create() never seemed to\ninitialize it in the test case I ran. For me, this caused a later\ncrash when we looped through the array in mtk_drm_crtc_mode_valid().\nThis showed up for me when I booted with `slub_debug=FZPUA` which\npoisons the memory initially. Without `slub_debug` I couldn\u0027t\nreproduce, presumably because the later code handles the value being\nNULL and in most cases (not guaranteed in all cases) the memory the\nallocator returned started out as 0.\n\nIt really doesn\u0027t hurt to initialize the array with devm_kcalloc()\nsince the array is small and the overhead of initting a handful of\nelements to 0 is small. In general initting memory to zero is a safer\npractice and usually it\u0027s suggested to only use the non-initting alloc\nfunctions if you really need to.\n\nLet\u0027s switch the function to use an allocation function that zeros the\nmemory. For me, this avoids the crash.",
"id": "GHSA-9mq7-fm24-r296",
"modified": "2025-09-17T21:30:40Z",
"published": "2024-06-19T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38592"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01a2c5123e27b3c4685bf2fc4c2e879f6e0c7b33"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9fe2cc3fa44f7ad7ba5f29c1a68b2b924c17b9b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf69d0af7db917b82aceaa44b7b1b9376609da22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9PH4-CMPW-4GMF
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-03-01 15:30fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
{
"affected": [],
"aliases": [
"CVE-2019-11833"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-15T13:29:00Z",
"severity": "MODERATE"
},
"details": "fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.",
"id": "GHSA-9ph4-cmpw-4gmf",
"modified": "2023-03-01T15:30:26Z",
"published": "2022-05-24T16:45:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11833"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4095-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4076-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4069-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4069-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4068-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4068-1"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108372"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9PQ7-R6QX-2RHF
Vulnerability from github – Published: 2026-02-21 00:31 – Updated: 2026-06-30 03:35GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.
{
"affected": [],
"aliases": [
"CVE-2026-2044"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T23:16:04Z",
"severity": "HIGH"
},
"details": "GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.",
"id": "GHSA-9pq7-r6qx-2rhf",
"modified": "2026-06-30T03:35:37Z",
"published": "2026-02-21T00:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2044"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4173"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5113"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5388"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5389"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5390"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5434"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5435"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5437"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-2044"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2044.json"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9PX7-88W4-86HP
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-27 21:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Allow UD qp_type to join multicast only
As for multicast: - The SIDR is the only mode that makes sense; - Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is UD compatible. In this case qkey also needs to be set [1].
This patch allows only UD qp_type to join multicast, and set qkey to default if it's not set, to fix an uninit-value error: the ib->rec.qkey field is accessed without being initialized.
===================================================== BUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline] BUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570 cma_set_qkey drivers/infiniband/core/cma.c:510 [inline] cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570 cma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline] rdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814 ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479 ucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546 ucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732 vfs_write+0x8ce/0x2030 fs/read_write.c:588 ksys_write+0x28c/0x520 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __ia32_sys_write+0xdb/0x120 fs/read_write.c:652 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
Local variable ib.i created at: cma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline] rdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814 ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479
CPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 =====================================================
[1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/
{
"affected": [],
"aliases": [
"CVE-2023-53525"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:57Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Allow UD qp_type to join multicast only\n\nAs for multicast:\n- The SIDR is the only mode that makes sense;\n- Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is\n UD compatible. In this case qkey also needs to be set [1].\n\nThis patch allows only UD qp_type to join multicast, and set qkey to\ndefault if it\u0027s not set, to fix an uninit-value error: the ib-\u003erec.qkey\nfield is accessed without being initialized.\n\n=====================================================\nBUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\nBUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\n cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline]\n rdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814\n ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n ucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546\n ucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x8ce/0x2030 fs/read_write.c:588\n ksys_write+0x28c/0x520 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __ia32_sys_write+0xdb/0x120 fs/read_write.c:652\n do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]\n __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180\n do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205\n do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248\n entry_SYSENTER_compat_after_hwframe+0x4d/0x5c\n\nLocal variable ib.i created at:\ncma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline]\nrdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814\nucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n\nCPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n=====================================================\n\n[1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/",
"id": "GHSA-9px7-88w4-86hp",
"modified": "2026-01-27T21:31:36Z",
"published": "2025-10-01T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53525"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02eabb635bc64bd1e3a7cf887d6d182bffb64b99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/48e8e7851dc0b1584d83817a78fc7108c8904b54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58e84f6b3e84e46524b7e5a916b53c1ad798bc8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae11498851423d6de27aebfe12a5ee85060ab1d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb18b9dbac2bbdf7695e0bfaac4bf944ff7b207d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QCG-M522-4J9F
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2011-1963"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-08-10T21:55:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"XSLT Memory Corruption Vulnerability.\"",
"id": "GHSA-9qcg-m522-4j9f",
"modified": "2022-05-13T01:03:28Z",
"published": "2022-05-13T01:03:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1963"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12753"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9QG4-92RX-RMR9
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32Microsoft Message Queuing Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21220"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:33Z",
"severity": "HIGH"
},
"details": "Microsoft Message Queuing Information Disclosure Vulnerability",
"id": "GHSA-9qg4-92rx-rmr9",
"modified": "2025-01-14T18:32:02Z",
"published": "2025-01-14T18:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21220"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21220"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9QWC-R24C-26J3
Vulnerability from github – Published: 2024-11-19 03:31 – Updated: 2026-05-12 15:30In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
{
"affected": [],
"aliases": [
"CVE-2024-50302"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T02:16:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report.",
"id": "GHSA-9qwc-r24c-26j3",
"modified": "2026-05-12T15:30:41Z",
"published": "2024-11-19T03:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50302"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QXQ-827H-4W5V
Vulnerability from github – Published: 2022-05-14 03:13 – Updated: 2022-05-14 03:13SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
{
"affected": [],
"aliases": [
"CVE-2015-3414"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-04-24T17:59:00Z",
"severity": "HIGH"
},
"details": "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.",
"id": "GHSA-9qxq-827h-4w5v",
"modified": "2022-05-14T03:13:01Z",
"published": "2022-05-14T03:13:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3414"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT205213"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT205267"
},
{
"type": "WEB",
"url": "https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74228"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2698-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9QXR-9QR6-7X7W
Vulnerability from github – Published: 2024-09-05 06:31 – Updated: 2025-11-04 18:31The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
{
"affected": [],
"aliases": [
"CVE-2024-8178"
],
"database_specific": {
"cwe_ids": [
"CWE-908",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-05T05:15:13Z",
"severity": "HIGH"
},
"details": "The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.\n\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.",
"id": "GHSA-9qxr-9qr6-7x7w",
"modified": "2025-11-04T18:31:19Z",
"published": "2024-09-05T06:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8178"
},
{
"type": "WEB",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240920-0010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VMH-77R6-C322
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2011-1261"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-06-16T20:55:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Selection Object Memory Corruption Vulnerability.\"",
"id": "GHSA-9vmh-77r6-c322",
"modified": "2022-05-13T01:03:29Z",
"published": "2022-05-13T01:03:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1261"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12755"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.