CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-M37G-V637-95Q3
Vulnerability from github – Published: 2022-05-02 03:20 – Updated: 2023-12-28 15:30The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
{
"affected": [],
"aliases": [
"CVE-2009-0949"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-09T17:30:00Z",
"severity": "MODERATE"
},
"details": "The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.",
"id": "GHSA-m37g-v637-95q3",
"modified": "2023-12-28T15:30:17Z",
"published": "2022-05-02T03:20:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0949"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500972"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50926"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35322"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35328"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35340"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35342"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35685"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36701"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1022321"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3865"
},
{
"type": "WEB",
"url": "http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1811"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1082.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1083.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/504032/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/35169"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-780-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M3WW-7HRP-GW9W
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2023-06-13 19:52An issue was discovered in the ozone crate through version 0.1.0 for Rust. Memory safety is violated because of the dropping of uninitialized memory.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ozone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35878"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:08:59Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "An issue was discovered in the ozone crate through version 0.1.0 for Rust. Memory safety is violated because of the dropping of uninitialized memory.",
"id": "GHSA-m3ww-7hrp-gw9w",
"modified": "2023-06-13T19:52:17Z",
"published": "2021-08-25T20:47:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35878"
},
{
"type": "PACKAGE",
"url": "https://github.com/bqv/ozone"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Drop of uninitialized memory in Ozone"
}
GHSA-M48G-V3H4-PVRH
Vulnerability from github – Published: 2022-01-05 00:00 – Updated: 2022-01-12 00:01In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.
{
"affected": [],
"aliases": [
"CVE-2022-20018"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-04T16:15:00Z",
"severity": "MODERATE"
},
"details": "In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.",
"id": "GHSA-m48g-v3h4-pvrh",
"modified": "2022-01-12T00:01:35Z",
"published": "2022-01-05T00:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20018"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/January-2022"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M4W6-2G7F-9J5P
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
Currently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds PDU length or offset, it triggers nvmet_tcp_fatal_error(cmd->queue) and returns early. However, because the function returns void, the callers are entirely unaware that a fatal error has occurred and that the cmd->recv_msg.msg_iter was left uninitialized.
Callers such as nvmet_tcp_handle_h2c_data_pdu() proceed to blindly overwrite the queue state with queue->rcv_state = NVMET_TCP_RECV_DATA Consequently, the socket receiving loop may attempt to read incoming network data into the uninitialized iterator.
Fix this by shifting the error handling responsibility to the callers.
{
"affected": [],
"aliases": [
"CVE-2026-52989"
],
"database_specific": {
"cwe_ids": [
"CWE-390",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:09Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers\n\nCurrently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds\nPDU length or offset, it triggers nvmet_tcp_fatal_error(cmd-\u003equeue)\nand returns early. However, because the function returns void, the\ncallers are entirely unaware that a fatal error has occurred and\nthat the cmd-\u003erecv_msg.msg_iter was left uninitialized.\n\nCallers such as nvmet_tcp_handle_h2c_data_pdu() proceed to blindly\noverwrite the queue state with queue-\u003ercv_state = NVMET_TCP_RECV_DATA\nConsequently, the socket receiving loop may attempt to read incoming\nnetwork data into the uninitialized iterator.\n\nFix this by shifting the error handling responsibility to the callers.",
"id": "GHSA-m4w6-2g7f-9j5p",
"modified": "2026-06-30T03:37:12Z",
"published": "2026-06-24T18:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52989"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-52989"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492443"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/046fa5c72d15cd8e2d592e275697ea399d8f76b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3df42a854686fa06484e37ac1a3931c8e3e3453c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2a11441538bdbbc5aa003f190995eba93a89b88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7c8f95f599b3b38a717d2e771c3f8c174f657c3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea8e356acb165cb1fd75537a52e1f66e5e76c538"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9204a2b78dd18374d3bcf9bf93d9021ce22de1b"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52989.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M54W-V4PH-6M2J
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2010-3346"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-16T19:33:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Element Memory Corruption Vulnerability.\"",
"id": "GHSA-m54w-v4ph-6m2j",
"modified": "2022-05-13T01:03:30Z",
"published": "2022-05-13T01:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3346"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12322"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1024872"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M5G9-VGM2-5CVW
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
rtnl_fill_vfinfo() declares struct ifla_vf_broadcast on the stack without initialisation:
struct ifla_vf_broadcast vf_broadcast;
The struct contains a single fixed 32-byte field:
/* include/uapi/linux/if_link.h */
struct ifla_vf_broadcast {
__u8 broadcast[32];
};
The function then copies dev->broadcast into it using dev->addr_len as the length:
memcpy(vf_broadcast.broadcast, dev->broadcast, dev->addr_len);
On Ethernet devices (the overwhelming majority of SR-IOV NICs) dev->addr_len is 6, so only the first 6 bytes of broadcast[] are written. The remaining 26 bytes retain whatever was previously on the kernel stack. The full struct is then handed to userspace via:
nla_put(skb, IFLA_VF_BROADCAST,
sizeof(vf_broadcast), &vf_broadcast)
leaking up to 26 bytes of uninitialised kernel stack per VF per RTM_GETLINK request, repeatable.
The other vf_* structs in the same function are explicitly zeroed for exactly this reason - see the memset() calls for ivi, vf_vlan_info, node_guid and port_guid a few lines above. vf_broadcast was simply missed when it was added.
Reachability: any unprivileged local process can open AF_NETLINK / NETLINK_ROUTE without capabilities and send RTM_GETLINK with an IFLA_EXT_MASK attribute carrying RTEXT_FILTER_VF. The kernel walks each VF and emits IFLA_VF_BROADCAST, leaking 26 bytes of stack per VF per request. Stack residue at this call site can include return addresses and transient sensitive data; KASAN with stack instrumentation, or KMSAN, will flag the nla_put() when reproduced.
Zero the on-stack struct before the partial memcpy, matching the existing pattern used for the other vf_* structs in the same function.
{
"affected": [],
"aliases": [
"CVE-2026-46132"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo\n\nrtnl_fill_vfinfo() declares struct ifla_vf_broadcast on the stack\nwithout initialisation:\n\n\tstruct ifla_vf_broadcast vf_broadcast;\n\nThe struct contains a single fixed 32-byte field:\n\n\t/* include/uapi/linux/if_link.h */\n\tstruct ifla_vf_broadcast {\n\t\t__u8 broadcast[32];\n\t};\n\nThe function then copies dev-\u003ebroadcast into it using dev-\u003eaddr_len\nas the length:\n\n\tmemcpy(vf_broadcast.broadcast, dev-\u003ebroadcast, dev-\u003eaddr_len);\n\nOn Ethernet devices (the overwhelming majority of SR-IOV NICs)\ndev-\u003eaddr_len is 6, so only the first 6 bytes of broadcast[] are\nwritten. The remaining 26 bytes retain whatever was previously on\nthe kernel stack. The full struct is then handed to userspace via:\n\n\tnla_put(skb, IFLA_VF_BROADCAST,\n\t\tsizeof(vf_broadcast), \u0026vf_broadcast)\n\nleaking up to 26 bytes of uninitialised kernel stack per VF per\nRTM_GETLINK request, repeatable.\n\nThe other vf_* structs in the same function are explicitly zeroed\nfor exactly this reason - see the memset() calls for ivi,\nvf_vlan_info, node_guid and port_guid a few lines above.\nvf_broadcast was simply missed when it was added.\n\nReachability: any unprivileged local process can open AF_NETLINK /\nNETLINK_ROUTE without capabilities and send RTM_GETLINK with an\nIFLA_EXT_MASK attribute carrying RTEXT_FILTER_VF. The kernel walks\neach VF and emits IFLA_VF_BROADCAST, leaking 26 bytes of stack per\nVF per request. Stack residue at this call site can include return\naddresses and transient sensitive data; KASAN with stack\ninstrumentation, or KMSAN, will flag the nla_put() when reproduced.\n\nZero the on-stack struct before the partial memcpy, matching the\nexisting pattern used for the other vf_* structs in the same\nfunction.",
"id": "GHSA-m5g9-vgm2-5cvw",
"modified": "2026-06-24T18:32:33Z",
"published": "2026-05-28T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46132"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0653c0516234c8258975d268a749115fc0f0ff00"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14271b401ec6a4bf0d88054106fc2956084717e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38bcc21f52246badb3154b6158dcb381d98de011"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b9e327991815e128ad3af75c3a04630a63ce3e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a44fbb631cba646532f3948636626f81717365a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5b1b92ab7eff1a6e8c507ddde6fd02fabd0cfa8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cccce3190ba4356432b9f22369b56123d3d89f0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fbe0e6197225e6a83cf113a67a4b425f8de0bcd5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M5XQ-Q856-P5JF
Vulnerability from github – Published: 2023-09-14 21:30 – Updated: 2023-11-04 06:34A flaw was found in Binutils. The field the_bfd of asymbolstruct is uninitialized in the bfd_mach_o_get_synthetic_symtab function, which may lead to an application crash and local denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-25588"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-14T21:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.",
"id": "GHSA-m5xq-q856-p5jf",
"modified": "2023-11-04T06:34:05Z",
"published": "2023-09-14T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25588"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-25588"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231103-0003"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6CX-H2F4-5JR4
Vulnerability from github – Published: 2024-05-19 09:34 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
syzbot reported the following uninit-value access issue [1][2]:
nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded.
This patch resolved this issue by checking payload size before calling each message type handler codes.
{
"affected": [],
"aliases": [
"CVE-2024-35915"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T09:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet\n\nsyzbot reported the following uninit-value access issue [1][2]:\n\nnci_rx_work() parses and processes received packet. When the payload\nlength is zero, each message type handler reads uninitialized payload\nand KMSAN detects this issue. The receipt of a packet with a zero-size\npayload is considered unexpected, and therefore, such packets should be\nsilently discarded.\n\nThis patch resolved this issue by checking payload size before calling\neach message type handler codes.",
"id": "GHSA-m6cx-h2f4-5jr4",
"modified": "2026-05-12T12:31:49Z",
"published": "2024-05-19T09:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35915"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f6008f5a83a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d24b03535e5eb82e025219c2f632b485409c898f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6RF-VJJX-JV33
Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26Information disclosure in modem due to missing NULL check while reading packets received from local network
{
"affected": [],
"aliases": [
"CVE-2022-25737"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure in modem due to missing NULL check while reading packets received from local network",
"id": "GHSA-m6rf-vjjx-jv33",
"modified": "2024-04-04T03:26:57Z",
"published": "2023-04-13T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25737"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M7X8-VQR5-HRMV
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
{
"affected": [],
"aliases": [
"CVE-2019-1010319"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-11T20:15:00Z",
"severity": "MODERATE"
},
"details": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"id": "GHSA-m7x8-vqr5-hrmv",
"modified": "2022-05-24T16:50:02Z",
"published": "2022-05-24T16:50:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010319"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/issues/68"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4062-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.