CWE-457
AllowedUse of Uninitialized Variable
Abstraction: Variant · Status: Draft
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
298 vulnerabilities reference this CWE, most recent first.
GHSA-75XC-FV5M-PPRR
Vulnerability from github – Published: 2026-04-21 15:32 – Updated: 2026-06-30 03:36Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.
{
"affected": [],
"aliases": [
"CVE-2026-6748"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-21T13:16:20Z",
"severity": "CRITICAL"
},
"details": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.",
"id": "GHSA-75xc-fv5m-pprr",
"modified": "2026-06-30T03:36:19Z",
"published": "2026-04-21T15:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6748"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19464"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19465"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19466"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19467"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19468"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19469"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19542"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19655"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19704"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6748"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022604"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6748.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-30"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-32"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-33"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-34"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10766"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12285"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13537"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15892"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17477"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17687"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17688"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17689"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17690"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19041"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19131"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19201"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19348"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19461"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19462"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19463"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-826X-6XRJ-6VG9
Vulnerability from github – Published: 2025-03-11 21:30 – Updated: 2025-03-11 21:30Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of VS files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25235.
{
"affected": [],
"aliases": [
"CVE-2025-2014"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T21:15:52Z",
"severity": "HIGH"
},
"details": "Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VS files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25235.",
"id": "GHSA-826x-6xrj-6vg9",
"modified": "2025-03-11T21:30:41Z",
"published": "2025-03-11T21:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2014"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8353-C32H-G49G
Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 03:31Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-14402"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T23:16:48Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-8353-c32h-g49g",
"modified": "2026-07-02T03:31:26Z",
"published": "2026-07-02T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14402"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513051340"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-85RG-8M6H-825P
Vulnerability from github – Published: 2024-06-13 19:39 – Updated: 2024-06-13 19:39Summary
Bunch of vulnerabilities found in k8sGPT. Fixed in release https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/k8sgpt-ai/k8sgpt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.33"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-457"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-13T19:39:11Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nBunch of vulnerabilities found in k8sGPT. Fixed in release https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33",
"id": "GHSA-85rg-8m6h-825p",
"modified": "2024-06-13T19:39:11Z",
"published": "2024-06-13T19:39:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/k8sgpt-ai/k8sgpt/security/advisories/GHSA-85rg-8m6h-825p"
},
{
"type": "PACKAGE",
"url": "https://github.com/k8sgpt-ai/k8sgpt"
},
{
"type": "WEB",
"url": "https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Vulnerabilities with the k8sGPT"
}
GHSA-8772-33FG-R56F
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 18:31Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11067"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:11Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-8772-33fg-r56f",
"modified": "2026-06-05T18:31:33Z",
"published": "2026-06-05T00:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11067"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/499140183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-87GC-V6C9-WRPW
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 03:35Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-14125"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:24Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-87gc-v6c9-wrpw",
"modified": "2026-07-01T03:35:23Z",
"published": "2026-07-01T00:34:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14125"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513918431"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-87GM-W973-RX95
Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
{
"affected": [],
"aliases": [
"CVE-2025-20771"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T03:16:18Z",
"severity": "MODERATE"
},
"details": "In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.",
"id": "GHSA-87gm-w973-rx95",
"modified": "2025-12-02T15:30:31Z",
"published": "2025-12-02T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20771"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87XP-XHJM-QGRH
Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command
{
"affected": [],
"aliases": [
"CVE-2026-9754"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T23:17:05Z",
"severity": "HIGH"
},
"details": "An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command",
"id": "GHSA-87xp-xhjm-qgrh",
"modified": "2026-06-10T00:31:51Z",
"published": "2026-06-10T00:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9754"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-122207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-894Q-229W-7393
Vulnerability from github – Published: 2025-08-15 15:30 – Updated: 2025-08-15 15:30A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2025-5047"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-15T15:15:33Z",
"severity": "HIGH"
},
"details": "A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
"id": "GHSA-894q-229w-7393",
"modified": "2025-08-15T15:30:32Z",
"published": "2025-08-15T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5047"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8H3H-W9Q9-P8GC
Vulnerability from github – Published: 2026-05-06 21:31 – Updated: 2026-05-07 01:05Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-8020"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T19:16:52Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-8h3h-w9q9-p8gc",
"modified": "2026-05-07T01:05:55Z",
"published": "2026-05-06T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8020"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/498382925"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-57
Strategy: Attack Surface Reduction
Ensure that critical variables are initialized before first use [REF-1485].
Mitigation
Strategy: Compilation or Build Hardening
Most compilers will complain about the use of uninitialized variables if warnings are turned on.
Mitigation
When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.
Mitigation
Strategy: Language Selection
Choose a language that is not susceptible to these issues.
Mitigation
Mitigating technologies such as safe string libraries and container abstractions could be introduced.
No CAPEC attack patterns related to this CWE.