CWE-824 (Access of Uninitialized Pointer) — Vulnerability Class 174

174 vulnerabilities classified as CWE-824 (Access of Uninitialized Pointer). AI Chinese analysis included.

CWE-824 represents a critical memory management weakness where software accesses or utilizes a pointer that has not been properly initialized. This flaw typically arises when developers declare pointers without assigning them a valid memory address or null value, leaving them to contain arbitrary garbage data from the stack or heap. Attackers exploit this vulnerability by manipulating the uninitialized memory contents to force the application to read or write to unexpected, potentially sensitive memory locations. Such exploitation can lead to severe consequences, including denial of service through crashes, or arbitrary code execution if the uninitialized pointer is used as a function call target. To prevent this, developers must ensure all pointers are explicitly initialized to null or a valid address before use, employ static analysis tools to detect uninitialized variables, and adhere to strict memory management practices that validate pointer states prior to dereferencing.

MITRE CWE Description
The product accesses or uses a pointer that has not been initialized. If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.
Common Consequences (3)
Confidentiality: Read Memory
If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
Availability: DoS: Crash, Exit, or Restart
If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-42702 | Inkscape Access of Uninitialized Pointer — Inkscape | 3.3 | Low | 2022-05-18 |
| CVE-2022-27794 | Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability — Acrobat Reader | 7.8 | - | 2022-05-11 |
| CVE-2022-29033 | Siemens JT2GO and Siemens Teamcenter Visualization Buffer Error Vulnerability — JT2Go | 7.8 | - | 2022-05-10 |
| CVE-2022-22198 | Junos OS: MX MS-MPC or MS-MIC, or SRX SPC crashes if it receives a SIP message with a specific contact header format — Junos OS | 7.5 | High | 2022-04-14 |
| CVE-2022-21168 | ICSA-22-090-03 Fuji Electric Alpha5 — Alpha5 | 3.3 | Low | 2022-04-12 |
| CVE-2021-3608 | QEMU Buffer Error Vulnerability — QEMU | 6.0 | - | 2022-02-24 |
| CVE-2022-23636 | Invalid drop of partially-initialized instances in wasmtime — wasmtime | 5.1 | Medium | 2022-02-16 |
| CVE-2021-38409 | Fuji Electric Tellus Lite V-Simulator uninitialized pointer — V-Server Lite | 7.8 | High | 2021-12-20 |
| CVE-2021-43746 | Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability — Premiere Rush | 5.5 | Medium | 2021-12-20 |
| CVE-2021-43030 | Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability — Premiere Rush | 3.3 | - | 2021-12-20 |
| CVE-2021-41219 | Undefined behavior via `nullptr` reference binding in sparse matrix multiplication — tensorflow | 7.8 | High | 2021-11-05 |
| CVE-2021-41214 | Reference binding to `nullptr` in `tf.ragged.cross` — tensorflow | 7.8 | High | 2021-11-05 |
| CVE-2021-41204 | Segfault while copying constant resource tensor — tensorflow | 5.5 | Medium | 2021-11-05 |
| CVE-2021-41201 | Unitialized access in `EinsumHelper::ParseEquation` — tensorflow | 7.8 | High | 2021-11-05 |
| CVE-2021-34596 | CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service — CODESYS V2 | 6.5 | Medium | 2021-10-26 |
| CVE-2021-41538 | Siemens Solid Edge Buffer Error Vulnerability — NX 1953 Series | 5.5 | - | 2021-09-28 |
| CVE-2021-1619 | Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability — Cisco IOS XE Software | 9.8 | Critical | 2021-09-23 |
| CVE-2021-33015 | Horner Automation Cscape Buffer Error Vulnerability — Cscape | 7.8 | - | 2021-08-25 |
| CVE-2021-35991 | Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability — Bridge | 3.3 | Low | 2021-08-20 |
| CVE-2021-37676 | Reference binding to nullptr in shape inference in TensorFlow — tensorflow | 7.8 | High | 2021-08-12 |
| CVE-2021-37671 | Reference binding to nullptr in map operations in TensorFlow — tensorflow | 7.8 | High | 2021-08-12 |
| CVE-2021-37666 | Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow — tensorflow | 7.8 | High | 2021-08-12 |
| CVE-2021-37667 | Reference binding to nullptr in unicode encoding in TensorFlow — tensorflow | 7.8 | High | 2021-08-12 |
| CVE-2021-37662 | Reference binding to nullptr in boosted trees in TensorFlow — tensorflow | 7.1 | High | 2021-08-12 |
| CVE-2021-37656 | Reference binding to nullptr in `RaggedTensorToSparse` in TensorFlow — tensorflow | 7.1 | High | 2021-08-12 |
| CVE-2021-37657 | Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow — tensorflow | 7.1 | High | 2021-08-12 |
| CVE-2021-37658 | Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow — tensorflow | 7.1 | High | 2021-08-12 |
| CVE-2021-32931 | FATEK Automation FvDesigner Buffer Error Vulnerability — FATEK Automation FvDesigner | 7.8 | - | 2021-08-11 |
| CVE-2021-37180 | Siemens Solid Edge Buffer Error Vulnerability — Solid Edge SE2021 | 7.8 | - | 2021-08-10 |
| CVE-2021-31503 | OpenText Brava! Buffer Error Vulnerability — Brava! Desktop | 7.8 | - | 2021-08-03 |

174 CVEs are classified as CWE-824 (Access of Uninitialized Pointer). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.