Use of Uninitialized Resource

CWE-908

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

65%-Pip
29%-Rust
2%-NPM
2%-RubyGems

Short description

The product uses or accesses a resource that has not been initialized.

Extended description

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

Best practices to prevent this CWE

Phase: Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Phase: Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Phase: Implementation

Avoid race conditions (CWE-362) during initialization routines.

Phase: Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

Recently published CVEs

CVE-2024-36503
CVE-2024-32910
CVE-2024-32906
CVE-2024-29785
CVE-2024-29780

Recently published GHSA

GHSA-xfhw-6mc4-mgxf
GHSA-rvgf-69j7-xh78
GHSA-5g4r-2qhx-vqfm
GHSA-54ch-gjq5-4976
GHSA-242x-7cm6-4w8j

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo