CWE-457

Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

Mitigation ID: MIT-57

Phase: Implementation

Strategy: Attack Surface Reduction

Description:

  • Ensure that critical variables are initialized before first use [REF-1485].

Mitigation

Phase: Build and Compilation

Strategy: Compilation or Build Hardening

Description:

  • Most compilers will complain about the use of uninitialized variables if warnings are turned on.

Mitigation

Phases: Implementation, Operation

Description:

  • When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.

Mitigation

Phase: Requirements

Strategy: Language Selection

Description:

  • Choose a language that is not susceptible to these issues.

Mitigation

Phase: Architecture and Design

Description:

  • Mitigating technologies such as safe string libraries and container abstractions could be introduced.
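
The Implementation and Build and Compilation mitigations above, shown as an added C example that is not part of the CWE entry: a lookup whose result is left unset on one path, next to a form that initializes it to the least-privileged value. The role names, the function names and the SHOW_VULNERABLE macro are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum role { ROLE_NONE = 0, ROLE_USER, ROLE_ADMIN };

#ifdef SHOW_VULNERABLE
/* CWE-457: 'r' has no initializer and there is no final else, so an
 * unrecognized name returns an indeterminate value. Compiled only on
 * request; with warnings enabled and promoted to errors, e.g.
 *   cc -O2 -Wall -Wextra -Werror -DSHOW_VULNERABLE example.c
 * gcc and clang typically reject the 'return r' below. */
enum role role_from_name_vulnerable(const char *name)
{
    enum role r;
    if (strcmp(name, "user") == 0)
        r = ROLE_USER;
    else if (strcmp(name, "admin") == 0)
        r = ROLE_ADMIN;
    return r;
}
#endif

/* Hardened form: the result is initialized at declaration, every path
 * stores a defined value, and failure is reported separately from it. */
int role_from_name(const char *name, enum role *out)
{
    enum role r = ROLE_NONE;   /* initialized before first use */
    int rc = -1;               /* fail closed unless a name matches */

    if (out == NULL)
        return -1;
    if (name != NULL) {
        if (strcmp(name, "user") == 0)       { r = ROLE_USER;  rc = 0; }
        else if (strcmp(name, "admin") == 0) { r = ROLE_ADMIN; rc = 0; }
    }
    *out = r;                  /* caller never sees stale stack data */
    return rc;
}

int main(void)
{
    const char *samples[] = { "admin", "user", "root", "" }; /* constructed input */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum role r = ROLE_NONE;
        int rc = role_from_name(samples[i], &r);
        printf("%-6s rc=%d role=%d\n", samples[i], rc, (int)r);
    }
    return 0;
}
```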

No CAPEC attack patterns related to this CWE.
