CWE-824 (Access of Uninitialized Pointer) — Vulnerability Class 174

174 vulnerabilities classified as CWE-824 (Access of Uninitialized Pointer). AI Chinese analysis included.

CWE-824 represents a critical memory management weakness where software accesses or utilizes a pointer that has not been properly initialized. This flaw typically arises when developers declare pointers without assigning them a valid memory address or null value, leaving them to contain arbitrary garbage data from the stack or heap. Attackers exploit this vulnerability by manipulating the uninitialized memory contents to force the application to read or write to unexpected, potentially sensitive memory locations. Such exploitation can lead to severe consequences, including denial of service through crashes, or arbitrary code execution if the uninitialized pointer is used as a function call target. To prevent this, developers must ensure all pointers are explicitly initialized to null or a valid address before use, employ static analysis tools to detect uninitialized variables, and adhere to strict memory management practices that validate pointer states prior to dereferencing.

MITRE CWE Description
The product accesses or uses a pointer that has not been initialized. If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.
Common Consequences (3)
Confidentiality: Read Memory
If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
Availability: DoS: Crash, Exit, or Restart
If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-45861 | Fortinet FortiOS buffer error vulnerability — FortiOS | 6.4 | Medium | 2023-03-07 |
| CVE-2023-24978 | Tecnomatix Plant Simulation buffer error vulnerability — Tecnomatix Plant Simulation | 7.8 | High | 2023-02-14 |
| CVE-2023-24563 | Siemens Solid Edge buffer error vulnerability — Solid Edge SE2022 | 7.8 | High | 2023-02-14 |
| CVE-2023-24562 | Siemens Solid Edge buffer error vulnerability — Solid Edge SE2022 | 7.8 | High | 2023-02-14 |
| CVE-2023-24561 | Siemens Solid Edge buffer error vulnerability — Solid Edge SE2022 | 7.8 | High | 2023-02-14 |
| CVE-2022-33280 | Access of uninitialized pointer in Bluetooth HOST — Snapdragon | 7.3 | High | 2023-02-09 |
| CVE-2023-22398 | Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs — Junos OS | 5.3 | Medium | 2023-01-12 |
| CVE-2022-3084 | GE CIMPLICITY Access of Uninitialized Pointer — CIMPLICITY | 7.8 | High | 2022-12-07 |
| CVE-2022-2952 | GE CIMPLICITY Access of Uninitialized Pointer — CIMPLICITY | 7.8 | High | 2022-12-07 |
| CVE-2022-42895 | Info Leak in l2cap_core in the Linux Kernel — Linux Kernel | 5.1 | Medium | 2022-11-23 |
| CVE-2022-3377 | Horner Automation Cscape buffer error vulnerability — Cscape | 7.8 | High | 2022-10-27 |
| CVE-2022-3378 | Horner Automation Cscape buffer error vulnerability — Cscape | 7.8 | High | 2022-10-27 |
| CVE-2022-22236 | Junos OS: SRX Series and MX Series: When specific valid SIP packets are received the PFE will crash — Junos OS | 7.5 | High | 2022-10-18 |
| CVE-2022-38138 | Multiple Triangle Microworks products buffer error vulnerability — Library: IEC 61850 | 7.5 | High | 2022-10-11 |
| CVE-2022-41851 | Siemens Simcenter Femap buffer error vulnerability — JTTK | 7.8 | - | 2022-10-11 |
| CVE-2022-38426 | Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability — Photoshop | 7.8 | High | 2022-09-16 |
| CVE-2022-38427 | Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability — Photoshop | 7.8 | High | 2022-09-16 |
| CVE-2022-40649 | Ansys SpaceClaim buffer error vulnerability — SpaceClaim | 7.8 | - | 2022-09-15 |
| CVE-2022-40646 | Ansys SpaceClaim buffer error vulnerability — SpaceClaim | 7.8 | - | 2022-09-15 |
| CVE-2022-40645 | Ansys SpaceClaim buffer error vulnerability — SpaceClaim | 7.8 | - | 2022-09-15 |
| CVE-2022-40643 | Ansys SpaceClaim buffer error vulnerability — SpaceClaim | 7.8 | - | 2022-09-15 |
| CVE-2022-40642 | Ansys SpaceClaim buffer error vulnerability — SpaceClaim | 7.8 | - | 2022-09-15 |
| CVE-2022-39147 | Siemens Parasolid buffer error vulnerability — Parasolid V33.1 | 7.8 | - | 2022-09-13 |
| CVE-2022-39146 | Siemens Parasolid buffer error vulnerability — Parasolid V33.1 | 7.8 | - | 2022-09-13 |
| CVE-2022-1016 | Linux kernel buffer error vulnerability — Kernel | 5.5 | - | 2022-08-29 |
| CVE-2022-34244 | Adobe Photoshop U3D File Parsing Access of Uninitialized Pointer Information Disclosure Vulnerability — Photoshop | 5.5 | Medium | 2022-07-15 |
| CVE-2022-34228 | Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability — Acrobat Reader | 7.8 | High | 2022-07-15 |
| CVE-2022-31599 | NVIDIA DGX buffer error vulnerability — NVIDIA DGX A100 | 8.2 | High | 2022-07-04 |
| CVE-2022-32136 | Codesys runtime systems: Access of uninitialised pointer lead to denial of service. — Runtime Toolkit | 6.5 | Medium | 2022-06-24 |
| CVE-2022-1809 | Access of Uninitialized Pointer in radareorg/radare2 — radareorg/radare2 | 7.1 | - | 2022-05-21 |

Vulnerabilities classified as CWE-824 (Access of Uninitialized Pointer) represent 174 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.