Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-824 (使用未经初始化的指针) — Vulnerability Class 174

174 vulnerabilities classified as CWE-824 (使用未经初始化的指针). AI Chinese analysis included.

CWE-824 represents a critical memory management weakness where software accesses or utilizes a pointer that has not been properly initialized. This flaw typically arises when developers declare pointers without assigning them a valid memory address or null value, leaving them to contain arbitrary garbage data from the stack or heap. Attackers exploit this vulnerability by manipulating the uninitialized memory contents to force the application to read or write to unexpected, potentially sensitive memory locations. Such exploitation can lead to severe consequences, including denial of service through crashes, or arbitrary code execution if the uninitialized pointer is used as a function call target. To prevent this, developers must ensure all pointers are explicitly initialized to null or a valid address before use, employ static analysis tools to detect uninitialized variables, and adhere to strict memory management practices that validate pointer states prior to dereferencing.

MITRE CWE Description
The product accesses or uses a pointer that has not been initialized. If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.
Common Consequences (3)
ConfidentialityRead Memory
If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
AvailabilityDoS: Crash, Exit, or Restart
If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands
If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
CVE IDTitleCVSSSeverityPublished
CVE-2023-47054 ZDI-CAN-21782: Adobe Audition MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability — Audition 5.5 Medium2023-11-16
CVE-2023-47044 ZDI-CAN-21789: Adobe Media Encoder MP4 File Uninitialized Variable Information Disclosure Vulnerability — Media Encoder 5.5 Medium2023-11-16
CVE-2023-44329 ZDI-CAN-21798: Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability — Bridge 5.5 Medium2023-11-16
CVE-2023-44327 ZDI-CAN-21793: Adobe Bridge MP4 File Uninitialized Variable Information Disclosure Vulnerability — Bridge 5.5 Medium2023-11-16
CVE-2023-44365 ZDI-CAN-21931: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability — Acrobat Reader 7.8 High2023-11-16
CVE-2023-27858 Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability — Arena Simulation 7.8 High2023-10-27
CVE-2023-26370 ZDI-CAN-21257: Adobe Photoshop PSD File Parsing Uninitialized Variable Remote Code Execution Vulnerability — Photoshop Desktop 7.8 High2023-10-11
CVE-2023-20597 AMD DXE Driver 安全漏洞 — Ryzen™ 3000 Series Desktop Processors “Matisse” 4.4 -2023-09-20
CVE-2023-20594 AMD DXE Driver 安全漏洞 — Ryzen™ 3000 Series Desktop Processors “Matisse” 4.4 -2023-09-20
CVE-2023-4508 Denial of Service in Gerbv — gerbv 5.5 Medium2023-08-24
CVE-2023-38246 Adobe Acrobat Reader DC ActiveX Control (AxAcroPDFLib.AxAcroPDF) stack-based stale pointer vulnerability — Acrobat Reader 7.8 High2023-08-10
CVE-2023-38226 ZDI-CAN-21240: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability — Acrobat Reader 7.8 High2023-08-10
CVE-2023-38223 ZDI-CAN-21063: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability — Acrobat Reader 7.8 High2023-08-10
CVE-2023-38234 ZDI-CAN-21359: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability — Acrobat Reader 7.8 High2023-08-10
CVE-2022-44451 Babel 缓冲区错误漏洞 — Open Babel 9.8 Critical2023-07-21
CVE-2022-42885 Babel 缓冲区错误漏洞 — Open Babel 9.8 Critical2023-07-21
CVE-2022-46280 Babel 缓冲区错误漏洞 — Open Babel 9.8 Critical2023-07-21
CVE-2023-21618 ZDI-CAN-20963: Adobe Substance 3D Designer SBS File Parsing Uninitialized Variable Remote Code Execution Vulnerability — Substance3D - Designer 7.8 High2023-06-15
CVE-2023-29178 Fortinet FortiProxy 缓冲区错误漏洞 — FortiProxy 4.1 Medium2023-06-13
CVE-2023-31244 Horner Automation Cscape 缓冲区错误漏洞 — Cscape 7.8 High2023-06-06
CVE-2023-24826 Usage of Uninitialized Timer during forwarding of Fragments with SFR — RIOT 5.9 Medium2023-05-30
CVE-2023-29286 ZDI-CAN-20369: Adobe Substance 3D Painter USD File Parsing Uninitialized Variable Information Disclosure Vulnerability — Substance3D - Painter 5.5 Medium2023-05-11
CVE-2023-29278 ZDI-CAN-20371: Adobe Substance 3D Painter GLTF File Parsing Uninitialized Variable Information Disclosure Vulnerability — Substance3D - Painter 7.8 High2023-05-11
CVE-2023-30847 H2O vulnerable to read from uninitialized pointer in the reverse proxy handler — h2o 8.2 High2023-04-27
CVE-2023-26386 ZDI-CAN-20266: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability — Substance3D - Stager 5.5 Medium2023-04-12
CVE-2023-26387 ZDI-CAN-20265: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability — Substance3D - Stager 5.5 Medium2023-04-12
CVE-2022-43609 IronCAD 缓冲区错误漏洞 — IronCAD 7.8 -2023-03-29
CVE-2023-26334 ZDI-CAN-20149: Adobe Dimension USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability — Dimension 7.8 High2023-03-28
CVE-2023-26344 ZDI-CAN-19467: Adobe Dimension USD File Access of Uninitialized Pointer Information Disclosure Vulnerability — Dimension 5.5 Medium2023-03-28
CVE-2022-43606 EIPStackGroup OpENer 缓冲区错误漏洞 — OpENer 7.5 High2023-03-16

Vulnerabilities classified as CWE-824 (使用未经初始化的指针) represent 174 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.