Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-665 (初始化不恰当) — Vulnerability Class 81

81 vulnerabilities classified as CWE-665 (初始化不恰当). AI Chinese analysis included.

CWE-665 represents a critical initialization weakness where software fails to properly set up a resource, leaving it in an unpredictable state upon access. This flaw is typically exploited when attackers leverage uninitialized variables, such as authentication flags or memory buffers, to bypass security controls or trigger undefined behavior. For instance, an uninitialized boolean flag might default to a permissive value, allowing unauthorized access without valid credentials. To mitigate this risk, developers must enforce strict initialization practices, ensuring all variables and resources are explicitly assigned safe default values before use. Implementing compiler warnings for uninitialized variables, conducting thorough code reviews, and adopting secure coding standards like OWASP guidelines further reduce the likelihood of this vulnerability. By guaranteeing that every resource starts in a known, secure state, organizations can prevent attackers from manipulating unexpected conditions to compromise system integrity.

MITRE CWE Description
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.
Common Consequences (3)
ConfidentialityRead Memory, Read Application Data
When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Access ControlBypass Protection Mechanism
If security-critical decisions rely on a variable having a "0" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur.
AvailabilityDoS: Crash, Exit, or Restart
The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a…
Mitigations (5)
RequirementsUse a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable's type. In Perl, if explicit initializat…
Architecture and DesignIdentify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
ImplementationExplicitly initialize all your variables and other data stores, either during declaration or just before the first usage.
ImplementationPay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization.
ImplementationAvoid race conditions (CWE-362) during initialization routines.
Examples (2)
Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.
private boolean initialized = true; public void someMethod() { if (!initialized) { // perform initialization tasks ... initialized = true; }
Bad · Java
The following code intends to limit certain operations to the administrator only.
$username = GetCurrentUser(); $state = GetStateData($username); if (defined($state)) { $uid = ExtractUserID($state); } # do stuff if ($uid == 0) { DoAdminThings(); }
Bad · Perl
CVE IDTitleCVSSSeverityPublished
CVE-2026-0940 Lenovo ThinkPad 安全漏洞 — ThinkPad T14 Gen 5 BIOS 6.7 Medium2026-03-11
CVE-2026-26958 filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity — filippo.io/edwards25519 7.5AIHighAI2026-02-19
CVE-2025-48509 AMD多款产品 安全漏洞 — AMD EPYC™ 9004 Series Processors 2.3AILowAI2026-02-10
CVE-2025-14955 Open5GS PFCP handler.c ogs_pfcp_handle_create_pdr initialization — Open5GS 3.7 Low2025-12-19
CVE-2025-12902 Solidigm DC 安全漏洞 — D5-P5316, D5-P5430, D7-P5520/D7-P5620, D5-P5336 4.4 Medium2025-11-07
CVE-2024-36331 AMD Embedded Processors和AMD Server Processor 安全漏洞 — AMD EPYC™ 9004 Series Processors 3.2 Low2025-09-06
CVE-2025-22834 ThirdPartyVideo SetVariable Vulnerability — AptioV 4.2 Medium2025-08-12
CVE-2025-2149 PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization — PyTorch 2.5 Low2025-03-10
CVE-2024-11158 Rockwell Automation Arena® Uninitialized Vulnerability — Arena® 7.8 -2024-12-05
CVE-2024-54129 Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7 — ION-DTN 5.3 -2024-12-05
CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer — FreeBSD 9.1AICriticalAI2024-11-12
CVE-2023-32467 Dell Edge Gateway 安全漏洞 — PowerSwitch Z9664F-ON BIOS 5.7 Medium2024-07-10
CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled — Apache CloudStack 9.1 -2024-07-05
CVE-2024-0089 CVE — GPU display driver, vGPU software, and Cloud Gaming 7.8 High2024-06-13
CVE-2023-27324 Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability — Desktop 7.8 -2024-05-03
CVE-2023-27325 Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability — Desktop 7.8 -2024-05-03
CVE-2023-27322 Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability — Desktop 7.8AIHighAI2024-05-03
CVE-2023-4503 Eap-galleon: custom provisioning creates unsecured http-invoker — EAP 7.4.14 6.8 Medium2024-02-06
CVE-2023-1719 Bitrix24 Insecure Global Variable Extraction — Bitrix24 7.5 High2023-11-01
CVE-2021-33638 Run copy with container in a malicious directory may cause container escaping — iSulad 8.4 High2023-10-29
CVE-2021-33637 Export container in a malicious directory may cause process to be hijacked — iSulad 8.4 High2023-10-29
CVE-2021-33636 Load malicious images may cause process to be hijacked — iSulad 8.4 High2023-10-29
CVE-2021-33635 Pull malicious images may cause process to be hijacked — iSulad 9.8 Critical2023-10-29
CVE-2021-33634 Malicious image running containers may cause DoS attacks — lcr 6.3 Medium2023-10-29
CVE-2023-5370 arm64 boot CPUs may lack speculative execution protections — FreeBSD 8.4 -2023-10-04
CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL — Splunk Enterprise 7.0 High2023-08-30
CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave — openenclave 5.3 Medium2023-07-17
CVE-2023-1513 Linux KVM 安全漏洞 — Linux kernel (KVM) 3.3 -2023-03-23
CVE-2021-22283 MMS File Transfer Vulnerability impact on Distribution Automation products — Relion protection relays - 611 series 6.2 Medium2023-02-28
CVE-2023-1048 TechPowerUp Ryzen DRAM Calculator WinRing0x64.sys initialization — Ryzen DRAM Calculator 5.3 Medium2023-02-26

Vulnerabilities classified as CWE-665 (初始化不恰当) represent 81 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.