CWE-909
Allowed-with-ReviewMissing Initialization of Resource
Abstraction: Class · Status: Incomplete
The product does not initialize a critical resource.
96 vulnerabilities reference this CWE, most recent first.
GHSA-HCCR-2HX6-MWMP
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-25 00:01Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
{
"affected": [],
"aliases": [
"CVE-2022-29925"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T09:15:00Z",
"severity": "HIGH"
},
"details": "Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor \u0027V-SFT\u0027 versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.",
"id": "GHSA-hccr-2hx6-mwmp",
"modified": "2022-06-25T00:01:04Z",
"published": "2022-06-15T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29925"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU99188133/index.html"
},
{
"type": "WEB",
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMQ5-VC89-4M9M
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-04-20 00:01An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40403"
],
"database_specific": {
"cwe_ids": [
"CWE-456",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-hmq5-vc89-4m9m",
"modified": "2022-04-20T00:01:31Z",
"published": "2022-02-10T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40403"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5306"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HP44-V4VF-23FQ
Vulnerability from github – Published: 2025-01-17 21:31 – Updated: 2025-01-18 00:30Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.
{
"affected": [],
"aliases": [
"CVE-2024-52870"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-17T20:15:28Z",
"severity": "HIGH"
},
"details": "Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.",
"id": "GHSA-hp44-v4vf-23fq",
"modified": "2025-01-18T00:30:48Z",
"published": "2025-01-17T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52870"
},
{
"type": "WEB",
"url": "https://chrismanson.com/CVE/cve-2024-52870.html"
},
{
"type": "WEB",
"url": "https://www.teradata.com/trust-security-center/data-security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JG94-6RJH-CFH5
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.
{
"affected": [],
"aliases": [
"CVE-2021-36513"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-18T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.",
"id": "GHSA-jg94-6rjh-cfh5",
"modified": "2022-05-24T19:17:45Z",
"published": "2022-05-24T19:17:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36513"
},
{
"type": "WEB",
"url": "https://github.com/signalwire/freeswitch/issues/1245"
},
{
"type": "WEB",
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"
},
{
"type": "WEB",
"url": "https://newreleases.io/project/github/signalwire/freeswitch/release/v1.10.6"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JJ9Q-C2R3-CV43
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
{
"affected": [],
"aliases": [
"CVE-2010-3877"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-01-03T20:00:00Z",
"severity": "LOW"
},
"details": "The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.",
"id": "GHSA-jj9q-c2r3-cv43",
"modified": "2022-05-13T01:23:45Z",
"published": "2022-05-13T01:23:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3877"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649717"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64578"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-netdev\u0026m=128854507420917\u0026w=2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/02/7"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2010/11/04/5"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42884"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46397"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2126"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/44630"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JQCP-W97C-4JJV
Vulnerability from github – Published: 2024-12-28 12:30 – Updated: 2025-09-26 21:30In the Linux kernel, the following vulnerability has been resolved:
thermal: testing: Initialize some variables annoteded with _free()
Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed to by them upon function return may crash the kernel.
Fix this issue in some places in the thermal testing code.
{
"affected": [],
"aliases": [
"CVE-2024-56676"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: testing: Initialize some variables annoteded with _free()\n\nVariables annotated with __free() need to be initialized if the function\ncan return before they get updated for the first time or the attempt to\nfree the memory pointed to by them upon function return may crash the\nkernel.\n\nFix this issue in some places in the thermal testing code.",
"id": "GHSA-jqcp-w97c-4jjv",
"modified": "2025-09-26T21:30:26Z",
"published": "2024-12-28T12:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56676"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0104dcdaad3a7afd141e79a5fb817a92ada910ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/526c132124a62be486bad1701f7e8e92212ccec6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M4GR-2PP5-FJMM
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-04-11 03:41The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.
{
"affected": [],
"aliases": [
"CVE-2010-4078"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-11-29T16:00:00Z",
"severity": "LOW"
},
"details": "The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.",
"id": "GHSA-m4gr-2pp5-fjmm",
"modified": "2025-04-11T03:41:28Z",
"published": "2022-05-13T01:23:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4078"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648665"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd02db9de73faebc51240619c7c7f99bee9f65c7"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd02db9de73faebc51240619c7c7f99bee9f65c7"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42778"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42801"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2126"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/43810"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0298"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M932-4PMG-RPMM
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:05In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624
{
"affected": [],
"aliases": [
"CVE-2019-9320"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624",
"id": "GHSA-m932-4pmg-rpmm",
"modified": "2024-04-04T02:05:37Z",
"published": "2022-05-24T16:57:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9320"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MCV2-HJV7-J2XW
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:05In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441
{
"affected": [],
"aliases": [
"CVE-2019-9313"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441",
"id": "GHSA-mcv2-hjv7-j2xw",
"modified": "2024-04-04T02:05:29Z",
"published": "2022-05-24T16:57:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9313"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MRQF-77V8-CWVF
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288
{
"affected": [],
"aliases": [
"CVE-2018-9511"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-02T19:29:00Z",
"severity": "MODERATE"
},
"details": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288",
"id": "GHSA-mrqf-77v8-cwvf",
"modified": "2022-05-13T01:53:56Z",
"published": "2022-05-13T01:53:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9511"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-10-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105482"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile your product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.