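CWE-457 Use of Uninitialized Variable: vulnerability list (111)

Summary of the 111 CVEs in the CWE-457 (Use of Uninitialized Variable) weakness class, with AI analysis in Chinese.

CWE-457 covers vulnerabilities caused by using an uninitialized variable. In languages such as C and C++, stack variables are not initialized by default and may hold junk data left over in memory. An attacker who can read or control that content can make program behavior unpredictable, which leads to information disclosure or logic errors. Developers should explicitly initialize every variable before use and enable compiler warnings to detect the risk, removing the security exposure that this uncertainty brings.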

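MITRE CWE official description
CWE: CWE-457 Use of Uninitialized Variable
Description: The code uses a variable that has not been initialized, leading to unpredictable or unintended results. In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data, that is, the contents of stack memory before the function was invoked. An attacker can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.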
Common consequences (2)
Availability, Integrity, Other · Other
Initial variables usually contain junk, which cannot be trusted for consistency. This can lead to denial of service conditions, or modify control flow in unexpected ways. In some cases, an attacker can "pre-initialize" the variable using previous actions, which might enable code execution. This can…
Authorization, Other · Other
Strings that are not initialized are especially dangerous, since many functions expect a null at the end -- and only at the end -- of a string.
Mitigations (5)
Implementation: Ensure that critical variables are initialized before first use [REF-1485].
Build and Compilation: Most compilers will complain about the use of uninitialized variables if warnings are turned on.
Implementation, Operation: When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.
Requirements: Choose a language that is not susceptible to these issues.
Architecture and Design: Mitigating technologies such as safe string libraries and container abstractions could be introduced.
Code examples (2)
This code prints a greeting using information stored in a POST request:

    if (isset($_POST['names'])) {
        $nameArray = $_POST['names'];
    }
    echo "Hello " . $nameArray['first'];

Bad · PHP
The following switch statement is intended to set the values of the variables aN and bN before they are used:

    int aN, bN;
    switch (ctl) {
    case -1:
        aN = 0;
        bN = 0;
        break;
    case 0:
        aN = i;
        bN = -i;
        break;
    case 1:
        aN = i + NEXT_SZ;
        bN = i - NEXT_SZ;
        break;
    default:
        aN = -1;
        aN = -1;   /* aN is assigned twice; bN is never assigned on this path */
        break;
    }
    repaint(aN, bN);

Bad · C
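
A hardened counterpart to the C switch above, added here as an example and not taken from MITRE or from this page: both values are initialized at declaration and every branch, including default, assigns both. `struct span`, `compute_span` and the value of `NEXT_SZ` are assumptions made for the illustration.

```c
#include <stdio.h>

#define NEXT_SZ 8   /* assumed value; the page does not define NEXT_SZ */

struct span { int aN; int bN; };   /* hypothetical holder for the two results */

/* Hardened form of the switch: both fields start from a known value,
 * and every branch, including default, assigns both of them. */
struct span compute_span(int ctl, int i)
{
    struct span s = { -1, -1 };    /* initialized at declaration */

    switch (ctl) {
    case -1:
        s.aN = 0;
        s.bN = 0;
        break;
    case 0:
        s.aN = i;
        s.bN = -i;
        break;
    case 1:
        s.aN = i + NEXT_SZ;
        s.bN = i - NEXT_SZ;
        break;
    default:
        s.aN = -1;
        s.bN = -1;                 /* the original assigned aN twice here */
        break;
    }
    return s;
}

int main(void)
{
    /* ctl = 7 takes the default branch, the path that left bN unset. */
    struct span s = compute_span(7, 5);
    printf("aN=%d bN=%d\n", s.aN, s.bN);
    return 0;
}
```

For the build-time mitigation listed above, GCC's `-Wall` includes `-Wmaybe-uninitialized` and Clang's includes `-Wsometimes-uninitialized`, the warnings aimed at variables left unset on only some paths.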
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-8020 | Chrome < 148.0.7778.96 Android GPU uninitialized-use vulnerability — Chrome | - | - | 2026-05-06 |
| CVE-2026-7982 | Chrome < 148.0.7778.96 uninitialized use leading to information disclosure — Chrome | - | - | 2026-05-06 |
| CVE-2026-7972 | Chrome < 148.0.7778.96 uninitialized-use vulnerability — Chrome | - | - | 2026-05-06 |
| CVE-2026-7955 | Chrome before 148.0.7778.96 GPU uninitialized-use vulnerability — Chrome | - | - | 2026-05-06 |
| CVE-2026-7924 | Chrome before 148 uninitialized use leading to information disclosure — Chrome | - | - | 2026-05-06 |
| CVE-2026-6311 | Google Chrome security vulnerability — Chrome | 9.6 | - | 2026-04-15 |
| CVE-2026-5888 | Google Chrome security vulnerability — Chrome | 6.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-4147 | MongoDB Server security vulnerability — MongoDB Server | 6.5 | Medium | 2026-03-17 |
| CVE-2026-20051 | Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500 Series Switches security vulnerability — Cisco NX-OS Software | 7.4 | High | 2026-02-25 |
| CVE-2026-1333 | Dassault Systèmes SOLIDWORKS eDrawings security vulnerability — SOLIDWORKS eDrawings | 7.8 | High | 2026-02-16 |
| CVE-2025-58466 | QNAP Systems QTS and QNAP Systems QuTS hero security vulnerability — QTS | 7.2 (AI) | High (AI) | 2026-02-11 |
| CVE-2025-29952 | AMD Amd Epyc™ Embedded Processors and AMD EPYC 9005 Series security vulnerability — AMD EPYC™ 9005 Series Processors | 6.7 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2026-22188 | Panda3D security vulnerability — Panda3D | 7.5 | - | 2026-01-07 |
| CVE-2025-47348 | Qualcomm Chipsets security vulnerability — Snapdragon | 7.8 | High | 2026-01-06 |
| CVE-2025-20784 | MediaTek chipsets security vulnerability — MediaTek chipset | 6.7 | - | 2026-01-06 |
| CVE-2025-10021 | Open Design Alliance Drawings SDK security vulnerability — ODA Drawings SDK - All Versions < 2026.12 | 7.8 (AI) | High (AI) | 2025-12-22 |
| CVE-2025-20771 | MediaTek Chipsets security vulnerability — MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 | 6.7 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-20766 | MediaTek Chipsets security vulnerability — MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 | 6.7 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-64181 | OpenEXR security vulnerability — openexr | 9.1 | - | 2025-11-10 |
| CVE-2025-58071 | F5 BIG-IP security vulnerability — BIG-IP | 7.5 | High | 2025-10-15 |
| CVE-2025-7984 | Ashlar-Vellum Cobalt security vulnerability — Cobalt | 7.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-7981 | Ashlar-Vellum Graphite security vulnerability — Graphite | 7.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-7978 | Ashlar-Vellum Graphite security vulnerability — Graphite | 7.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-59348 | Dragonfly security vulnerability — dragonfly | 7.5 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-9450 | Dassault Systèmes SOLIDWORKS eDrawings security vulnerability — SOLIDWORKS eDrawings | 7.8 | High | 2025-09-17 |
| CVE-2023-31326 | Multiple AMD products security vulnerability — AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | 2.8 | Low | 2025-09-06 |
| CVE-2025-5047 | Autodesk AutoCAD security vulnerability — AutoCAD | 7.8 | High | 2025-08-15 |
| CVE-2025-54874 | OpenJPEG security vulnerability — openjpeg | 8.1 | - | 2025-08-05 |
| CVE-2025-53644 | OpenCV security vulnerability — opencv | 8.8 (AI) | High (AI) | 2025-07-17 |
| CVE-2025-6974 | Dassault Systèmes SOLIDWORKS eDrawings security vulnerability — SOLIDWORKS eDrawings | 7.8 | High | 2025-07-15 |

CWE-457 (Use of Uninitialized Variable) is a common weakness class; this platform lists 111 CVEs associated with it.