Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-824 (使用未经初始化的指针) — Vulnerability Class 174

174 vulnerabilities classified as CWE-824 (使用未经初始化的指针). AI Chinese analysis included.

CWE-824 represents a critical memory management weakness where software accesses or utilizes a pointer that has not been properly initialized. This flaw typically arises when developers declare pointers without assigning them a valid memory address or null value, leaving them to contain arbitrary garbage data from the stack or heap. Attackers exploit this vulnerability by manipulating the uninitialized memory contents to force the application to read or write to unexpected, potentially sensitive memory locations. Such exploitation can lead to severe consequences, including denial of service through crashes, or arbitrary code execution if the uninitialized pointer is used as a function call target. To prevent this, developers must ensure all pointers are explicitly initialized to null or a valid address before use, employ static analysis tools to detect uninitialized variables, and adhere to strict memory management practices that validate pointer states prior to dereferencing.

MITRE CWE Description
The product accesses or uses a pointer that has not been initialized. If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.
Common Consequences (3)
ConfidentialityRead Memory
If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
AvailabilityDoS: Crash, Exit, or Restart
If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands
If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
CVE IDTitleCVSSSeverityPublished
CVE-2026-6524 Access of Uninitialized Pointer in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-6870 Access of Uninitialized Pointer in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-27300 Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) — Adobe Framemaker 5.5 Medium2026-04-14
CVE-2026-2100 P11-kit: null dereference via c_derivekey with specific null parameters — Red Hat Hardened Images 5.3 Medium2026-03-26
CVE-2026-28547 Huawei HarmonyOS 安全漏洞 — HarmonyOS 6.8 Medium2026-03-05
CVE-2026-1200 Remote code execution via segmentation fault in increasebufferto function — rgaufman/live555 6.3 Medium2026-02-18
CVE-2026-23761 VB-Audio Voicemeeter & Matrix Drivers DoS via Improper FILE_OBJECT FsContext Initialization — Voicemeeter (Standard) 6.3AIMediumAI2026-01-22
CVE-2026-21275 InDesign Desktop | Access of Uninitialized Pointer (CWE-824) — InDesign Desktop 7.8 High2026-01-13
CVE-2026-21276 InDesign Desktop | Access of Uninitialized Pointer (CWE-824) — InDesign Desktop 7.8 High2026-01-13
CVE-2025-14739 Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND — WR940N and WR941ND 8.4AIHighAI2025-12-18
CVE-2025-66588 Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory — DAQFactory 9.8AICriticalAI2025-12-11
CVE-2025-13674 Access of Uninitialized Pointer in Wireshark — Wireshark 5.5 Medium2025-11-26
CVE-2025-13499 Access of Uninitialized Pointer in Wireshark — Wireshark 7.8 High2025-11-21
CVE-2025-23352 NVIDIA Virtual GPU Manager 缓冲区错误漏洞 — Virtual GPU Manager 7.8 High2025-10-23
CVE-2025-59478 BIG-IP AFM DoS protection profile vulnerability — BIG-IP 7.5 High2025-10-15
CVE-2025-59962 Junos OS and Junos OS Evolved: With BGP sharding enabled, change in indirect next-hop can cause RPD crash — Junos OS 5.3 Medium2025-10-09
CVE-2025-58777 KEYENCE VT STUDIO 缓冲区错误漏洞 — VT STUDIO 7.8 High2025-10-02
CVE-2025-1761 IBM Concert Software information disclosure — Concert Software 5.9 Medium2025-09-08
CVE-2025-9274 Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability — Imaris Viewer 7.8 -2025-09-02
CVE-2025-32451 Foxit Reader 缓冲区错误漏洞 — Foxit Reader 8.8 High2025-08-13
CVE-2025-54207 InDesign Desktop | Access of Uninitialized Pointer (CWE-824) — InDesign Desktop 7.8 High2025-08-12
CVE-2025-47098 InCopy | Access of Uninitialized Pointer (CWE-824) — InCopy 7.8 High2025-07-08
CVE-2025-47121 Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) — Adobe Framemaker 7.8 High2025-07-08
CVE-2025-49529 Illustrator | Access of Uninitialized Pointer (CWE-824) — Illustrator 7.8 High2025-07-08
CVE-2025-43592 InDesign Desktop | Access of Uninitialized Pointer (CWE-824) — InDesign Desktop 7.8 High2025-07-08
CVE-2025-43545 Bridge | Access of Uninitialized Pointer (CWE-824) — Bridge 7.8 High2025-05-13
CVE-2025-43557 Animate | Access of Uninitialized Pointer (CWE-824) — Animate 7.8 High2025-05-13
CVE-2025-30326 Photoshop Desktop | Access of Uninitialized Pointer (CWE-824) — Photoshop Desktop 7.8 High2025-05-13
CVE-2025-1047 Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability — KeyShot 7.8 -2025-04-23
CVE-2025-2530 Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability — KeyShot 7.8 -2025-03-25

Vulnerabilities classified as CWE-824 (使用未经初始化的指针) represent 174 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.