CWE-665 Improper Initialization: vulnerability list (81)

A summary of 81 CVEs for the CWE-665 Improper Initialization weakness class, with AI-generated analysis in Chinese.

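CWE-665 is an improper resource initialization weakness: the program does not correctly initialize a resource, which leaves that resource in an unexpected state. Attackers often exploit this flaw by reading uninitialized variables or memory to obtain sensitive information or to bypass authentication logic. Developers should avoid this risk by explicitly and correctly initializing all variables, pointers and data structures before a resource is accessed, so that the expected security state is maintained.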

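MITRE CWE official description
CWE: CWE-665 Improper Initialization. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated.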
Common consequences (3)
Confidentiality: Read Memory, Read Application Data
When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Access Control: Bypass Protection Mechanism
If security-critical decisions rely on a variable having a "0" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur.
Availability: DoS: Crash, Exit, or Restart
The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a…
Mitigations (5)
Requirements: Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable's type. In Perl, if explicit initializat…
Architecture and Design: Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Implementation: Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.
Implementation: Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization.
Implementation: Avoid race conditions (CWE-362) during initialization routines.
Code examples (2)
Here, a boolean initialized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.

    // Flaw shown by this example: the flag starts out true,
    // so the guarded block below never runs.
    private boolean initialized = true;

    public void someMethod() {
        if (!initialized) {
            // perform initialization tasks
            ...
            initialized = true;
        }
    }

Bad · Java
The following code intends to limit certain operations to the administrator only.
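
    $username = GetCurrentUser();
    $state = GetStateData($username);
    if (defined($state)) {
        $uid = ExtractUserID($state);
    }

    # do stuff

    # Flaw shown by this example: $uid is never assigned when $state is
    # undefined, and an undefined value compares equal to 0.
    if ($uid == 0) {
        DoAdminThings();
    }
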
Bad · Perl
CVE ID | Title | CVSS | Severity | Published
CVE-2026-0940 | Lenovo ThinkPad security vulnerability — ThinkPad T14 Gen 5 BIOS | 6.7 | Medium | 2026-03-11
CVE-2026-26958 | filippo.io/edwards25519 security vulnerability — filippo.io/edwards25519 | 7.5 (AI) | High (AI) | 2026-02-19
CVE-2025-48509 | AMD multiple products security vulnerability — AMD EPYC™ 9004 Series Processors | 2.3 (AI) | Low (AI) | 2026-02-10
CVE-2025-14955 | Open5GS security vulnerability — Open5GS | 3.7 | Low | 2025-12-19
CVE-2025-12902 | Solidigm DC security vulnerability — D5-P5316, D5-P5430, D7-P5520/D7-P5620, D5-P5336 | 4.4 | Medium | 2025-11-07
CVE-2024-36331 | AMD Embedded Processors and AMD Server Processor security vulnerability — AMD EPYC™ 9004 Series Processors | 3.2 | Low | 2025-09-06
CVE-2025-22834 | AMI AptioV security vulnerability — AptioV | 4.2 | Medium | 2025-08-12
CVE-2025-2149 | PyTorch security vulnerability — PyTorch | 2.5 | Low | 2025-03-10
CVE-2024-11158 | Rockwell Automation Arena security vulnerability — Arena® | 7.8 | - | 2024-12-05
CVE-2024-54129 | NASA Interplanetary Overlay Network security vulnerability — ION-DTN | 5.3 | - | 2024-12-05
CVE-2024-45289 | FreeBSD security vulnerability — FreeBSD | 9.1 (AI) | Critical (AI) | 2024-11-12
CVE-2023-32467 | Dell Edge Gateway security vulnerability — PowerSwitch Z9664F-ON BIOS | 5.7 | Medium | 2024-07-10
CVE-2024-39864 | Apache CloudStack security vulnerability — Apache CloudStack | 9.1 | - | 2024-07-05
CVE-2024-0089 | NVIDIA GPU Display Driver security vulnerability — GPU display driver, vGPU software, and Cloud Gaming | 7.8 | High | 2024-06-13
CVE-2023-27324 | Corel Parallels Desktop security vulnerability — Desktop | 7.8 | - | 2024-05-03
CVE-2023-27325 | Corel Parallels Desktop security vulnerability — Desktop | 7.8 | - | 2024-05-03
CVE-2023-27322 | Corel Parallels Desktop security vulnerability — Desktop | 7.8 (AI) | High (AI) | 2024-05-03
CVE-2023-4503 | JBoss Enterprise Application Platform security vulnerability — EAP 7.4.14 | 6.8 | Medium | 2024-02-06
CVE-2023-1719 | Bitrix24 security vulnerability — Bitrix24 | 7.5 | High | 2023-11-01
CVE-2021-33638 | openEuler security vulnerability — iSulad | 8.4 | High | 2023-10-29
CVE-2021-33637 | openEuler security vulnerability — iSulad | 8.4 | High | 2023-10-29
CVE-2021-33636 | openEuler security vulnerability — iSulad | 8.4 | High | 2023-10-29
CVE-2021-33635 | openEuler security vulnerability — iSulad | 9.8 | Critical | 2023-10-29
CVE-2021-33634 | openEuler security vulnerability — lcr | 6.3 | Medium | 2023-10-29
CVE-2023-5370 | FreeBSD security vulnerability — FreeBSD | 8.4 | - | 2023-10-04
CVE-2023-40596 | Splunk code issue vulnerability — Splunk Enterprise | 7.0 | High | 2023-08-30
CVE-2023-37479 | Open Enclave SDK security vulnerability — openenclave | 5.3 | Medium | 2023-07-17
CVE-2023-1513 | Linux KVM security vulnerability — Linux kernel (KVM) | 3.3 | - | 2023-03-23
CVE-2021-22283 | ABB REF615 IEC security vulnerability — Relion protection relays - 611 series | 6.2 | Medium | 2023-02-28
CVE-2023-1048 | TechPowerUp Ryzen DRAM Calculator security vulnerability — Ryzen DRAM Calculator | 5.3 | Medium | 2023-02-26

CWE-665 (Improper Initialization) is a common weakness class; this platform lists 81 CVEs associated with it.