CWE-824 (Access of Uninitialized Pointer) — Vulnerability Class 174

174 vulnerabilities classified as CWE-824 (Access of Uninitialized Pointer). AI Chinese analysis included.

CWE-824 represents a critical memory management weakness where software accesses or utilizes a pointer that has not been properly initialized. This flaw typically arises when developers declare pointers without assigning them a valid memory address or null value, leaving them to contain arbitrary garbage data from the stack or heap. Attackers exploit this vulnerability by manipulating the uninitialized memory contents to force the application to read or write to unexpected, potentially sensitive memory locations. Such exploitation can lead to severe consequences, including denial of service through crashes, or arbitrary code execution if the uninitialized pointer is used as a function call target. To prevent this, developers must ensure all pointers are explicitly initialized to null or a valid address before use, employ static analysis tools to detect uninitialized variables, and adhere to strict memory management practices that validate pointer states prior to dereferencing.

MITRE CWE Description
The product accesses or uses a pointer that has not been initialized. If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.
Common Consequences (3)
Confidentiality: Read Memory
If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
Availability: DoS: Crash, Exit, or Restart
If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-33542 | Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability — Automation Worx Software Suite | 7.8 | High | 2021-06-25 |
| CVE-2021-31479 | OpenText Brava! buffer error vulnerability — Brava! Desktop | 7.8 | - | 2021-06-15 |
| CVE-2021-3592 | QEMU buffer error vulnerability — QEMU | 3.8 | - | 2021-06-15 |
| CVE-2021-3593 | QEMU buffer error vulnerability — QEMU | 3.8 | - | 2021-06-15 |
| CVE-2021-3594 | QEMU buffer error vulnerability — QEMU | 3.8 | - | 2021-06-15 |
| CVE-2021-3595 | QEMU buffer error vulnerability — QEMU | 3.8 | - | 2021-06-15 |
| CVE-2021-22758 | Schneider Electric IGSS buffer error vulnerability — IGSS Definition (Def.exe) V15.0.0.21140 and prior | 7.8 | - | 2021-06-11 |
| CVE-2021-29568 | Reference binding to null in `ParameterizedTruncatedNormal` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29098 | ArcGIS general raster security update: uninitialized pointer — ArcReader | 7.8 | - | 2021-03-25 |
| CVE-2021-29095 | ArcGIS Server image service and raster analytics security update: uninitialized pointer — ArcGIS Server | 6.8 | - | 2021-03-25 |
| CVE-2021-22670 | FATEK FvDesigner buffer error vulnerability — Fatek FvDesigner | 7.8 | - | 2021-03-03 |
| CVE-2021-22639 | Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer error vulnerability — Tellus Lite V-Simulator and V-Server Lite | 7.8 | - | 2021-01-27 |
| CVE-2021-0209 | Junos OS Evolved: Receipt of certain valid BGP update packets from BGP peers may cause RPD to core when using REGEX. — Junos OS Evolved | 6.5 | Medium | 2021-01-15 |
| CVE-2020-27778 | Poppler buffer error vulnerability — poppler | 7.5 | - | 2020-12-03 |
| CVE-2020-8110 | Bitdefender ceva_emu.cvd module denial-of-service (VA-8766) — Bitdefender Engines | 5.9 | Medium | 2020-10-02 |
| CVE-2020-16203 | Delta Electronics CNCSoft ScreenEditor buffer error vulnerability — Delta Industrial Automation CNCSoft ScreenEditor | 7.8 | - | 2020-08-04 |
| CVE-2020-6093 | Nitro Software Nitro Pro buffer error vulnerability — Nitro Pro | 5.5 | - | 2020-05-18 |
| CVE-2020-8882 | Foxit Studio Photo buffer error vulnerability — Studio Photo | 8.8 | - | 2020-03-20 |
| CVE-2019-13527 | Rockwell Automation Arena Simulation Software Cat. 9502-Ax buffer error vulnerability — Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier | 7.8 | - | 2019-09-24 |
| CVE-2019-1869 | Cisco StarOS Denial of Service Vulnerability — Cisco ASR 5000 Series Software | 7.5 | - | 2019-06-20 |
| CVE-2018-19018 | Omron CX-Supervisor buffer error vulnerability — CX-Supervisor | 7.8 | - | 2019-02-12 |
| CVE-2018-5392 | mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR — mingw-w64 | 7.5 | - | 2018-08-14 |
| CVE-2018-9948 | Foxit Reader security vulnerability — Foxit Reader | 6.5 | - | 2018-05-17 |
| CVE-2018-9981 | Foxit Reader security vulnerability — Foxit Reader | 8.8 | - | 2018-05-17 |

Vulnerabilities classified as CWE-824 (Access of Uninitialized Pointer) represent 174 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.