CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-CC99-X3H3-44PJ
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
{
"affected": [],
"aliases": [
"CVE-2017-1000445"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-02T15:29:00Z",
"severity": "MODERATE"
},
"details": "ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service",
"id": "GHSA-cc99-x3h3-44pj",
"modified": "2022-05-13T01:10:26Z",
"published": "2022-05-13T01:10:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000445"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/775"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102368"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCCQ-559F-X22V
Vulnerability from github – Published: 2024-08-26 12:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These variables were previously assumed to be null at line 922, but they were used later in the code without checking if they were null. This could potentially lead to a null pointer dereference, which would cause a crash.
The null checks ensure that 'stream' and 'plane' are not null before they are used, preventing potential crashes.
Fixes the below static smatch checker: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922) drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)
{
"affected": [],
"aliases": [
"CVE-2024-43904"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T11:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for \u0027stream\u0027 and \u0027plane\u0027 before dereferencing\n\nThis commit adds null checks for the \u0027stream\u0027 and \u0027plane\u0027 variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that \u0027stream\u0027 and \u0027plane\u0027 are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed \u0027stream\u0027 could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed \u0027plane\u0027 could be null (see line 922)",
"id": "GHSA-cccq-559f-x22v",
"modified": "2025-11-04T00:31:18Z",
"published": "2024-08-26T12:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10c20d79d59cadfe572480d98cec271a89ffb024"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e84eda48ffb2363437db44bbd0235594f8a58f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fcf9d6a9f30ea414b6b84a6e901cebd44e146847"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCCQ-V5RJ-9887
Vulnerability from github – Published: 2022-05-14 03:04 – Updated: 2022-05-14 03:04libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
{
"affected": [],
"aliases": [
"CVE-2018-13250"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-05T14:29:00Z",
"severity": "MODERATE"
},
"details": "libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.",
"id": "GHSA-cccq-v5rj-9887",
"modified": "2022-05-14T03:04:29Z",
"published": "2022-05-14T03:04:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13250"
},
{
"type": "WEB",
"url": "https://github.com/libming/libming/issues/147"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCHG-5M9C-JWH9
Vulnerability from github – Published: 2025-03-27 15:31 – Updated: 2025-10-31 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/fbdev-dma: Add shadow buffering for deferred I/O
DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers that require deferred I/O and use it as framebuffer memory.
Fixes driver errors about being "Unable to handle kernel NULL pointer dereference at virtual address" or "Unable to handle kernel paging request at virtual address".
The patch splits drm_fbdev_dma_driver_fbdev_probe() in an initial allocation, which creates the DMA-backed buffer object, and a tail that sets up the fbdev data structures. There is a tail function for direct memory mappings and a tail function for deferred I/O with the shadow buffer.
It is no longer possible to use deferred I/O without shadow buffer. It can be re-added if there exists a reliably test for usable struct page in the allocated DMA-backed buffer object.
{
"affected": [],
"aliases": [
"CVE-2024-58091"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T15:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Add shadow buffering for deferred I/O\n\nDMA areas are not necessarily backed by struct page, so we cannot\nrely on it for deferred I/O. Allocate a shadow buffer for drivers\nthat require deferred I/O and use it as framebuffer memory.\n\nFixes driver errors about being \"Unable to handle kernel NULL pointer\ndereference at virtual address\" or \"Unable to handle kernel paging\nrequest at virtual address\".\n\nThe patch splits drm_fbdev_dma_driver_fbdev_probe() in an initial\nallocation, which creates the DMA-backed buffer object, and a tail\nthat sets up the fbdev data structures. There is a tail function for\ndirect memory mappings and a tail function for deferred I/O with\nthe shadow buffer.\n\nIt is no longer possible to use deferred I/O without shadow buffer.\nIt can be re-added if there exists a reliably test for usable struct\npage in the allocated DMA-backed buffer object.",
"id": "GHSA-cchg-5m9c-jwh9",
"modified": "2025-10-31T18:31:10Z",
"published": "2025-03-27T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58091"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d087de947babf7ed70029d042abcc6ed06ff415"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3603996432997f7c88da37a97062a46cda01ac9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cdc581169942de3b9e2648cfbd98c5ff9111c2c8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCHG-V957-9QP4
Vulnerability from github – Published: 2023-10-29 06:30 – Updated: 2023-11-08 03:30An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.
{
"affected": [],
"aliases": [
"CVE-2023-46862"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-29T04:15:11Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.",
"id": "GHSA-cchg-v957-9qp4",
"modified": "2023-11-08T03:30:31Z",
"published": "2023-10-29T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46862"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCMH-PFGG-525G
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-12-17 21:30In the Linux kernel, the following vulnerability has been resolved:
sch_htb: make htb_deactivate() idempotent
Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent.
It turns out in the following case it introduced some regression:
htb_dequeue_tree(): |-> fq_codel_dequeue() |-> qdisc_tree_reduce_backlog() |-> htb_qlen_notify() |-> htb_deactivate() |-> htb_next_rb_node() |-> htb_deactivate()
For htb_next_rb_node(), after calling the 1st htb_deactivate(), the clprio[prio]->ptr could be already set to NULL, which means htb_next_rb_node() is vulnerable here.
For htb_deactivate(), although we checked qlen before calling it, in case of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again which triggers the warning inside.
To fix the issues here, we need to:
1) Make htb_deactivate() idempotent, that is, simply return if we already call it before. 2) Make htb_next_rb_node() safe against ptr==NULL.
Many thanks to Alan for testing and for the reproducer.
{
"affected": [],
"aliases": [
"CVE-2025-37953"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_htb: make htb_deactivate() idempotent\n\nAlan reported a NULL pointer dereference in htb_next_rb_node()\nafter we made htb_qlen_notify() idempotent.\n\nIt turns out in the following case it introduced some regression:\n\nhtb_dequeue_tree():\n |-\u003e fq_codel_dequeue()\n |-\u003e qdisc_tree_reduce_backlog()\n |-\u003e htb_qlen_notify()\n |-\u003e htb_deactivate()\n |-\u003e htb_next_rb_node()\n |-\u003e htb_deactivate()\n\nFor htb_next_rb_node(), after calling the 1st htb_deactivate(), the\nclprio[prio]-\u003eptr could be already set to NULL, which means\nhtb_next_rb_node() is vulnerable here.\n\nFor htb_deactivate(), although we checked qlen before calling it, in\ncase of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again\nwhich triggers the warning inside.\n\nTo fix the issues here, we need to:\n\n1) Make htb_deactivate() idempotent, that is, simply return if we\n already call it before.\n2) Make htb_next_rb_node() safe against ptr==NULL.\n\nMany thanks to Alan for testing and for the reproducer.",
"id": "GHSA-ccmh-pfgg-525g",
"modified": "2025-12-17T21:30:29Z",
"published": "2025-05-20T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37953"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31ff70ad39485698cf779f2078132d80b57f6c07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3769478610135e82b262640252d90f6efb05be71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98cd7ed92753090a714f0802d4434314526fe61d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99ff8a20fd61315bf9ae627440a5ff07d22ee153"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9945f7cf1709adc5d2d31cb6cfc85627ce299a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c2d25fddd867ce20a266806634eeeb5c30cb520c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4792b9e38d2f61b07eac72f10909fa76130314b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c928dd4f6bf0c25c72b11824a1e9ac9bd37296a0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CCVW-6HP9-989M
Vulnerability from github – Published: 2025-06-06 18:30 – Updated: 2025-06-18 18:30A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
{
"affected": [],
"aliases": [
"CVE-2025-29876"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T16:15:25Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later",
"id": "GHSA-ccvw-6hp9-989m",
"modified": "2025-06-18T18:30:31Z",
"published": "2025-06-06T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29876"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CCWV-CXFW-98F2
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.
{
"affected": [],
"aliases": [
"CVE-2018-20362"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-22T15:29:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.",
"id": "GHSA-ccwv-cxfw-98f2",
"modified": "2022-05-13T01:25:46Z",
"published": "2022-05-13T01:25:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20362"
},
{
"type": "WEB",
"url": "https://github.com/knik0/faad2/issues/26"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00022.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/28"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4522"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CF2P-HQC9-VHMW
Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-08-22 21:31FreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.
{
"affected": [],
"aliases": [
"CVE-2024-23076"
],
"database_specific": {
"cwe_ids": [
"CWE-395",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T12:15:09Z",
"severity": "HIGH"
},
"details": "FreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java.",
"id": "GHSA-cf2p-hqc9-vhmw",
"modified": "2024-08-22T21:31:27Z",
"published": "2024-04-10T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23076"
},
{
"type": "WEB",
"url": "https://gist.github.com/LLM4IG/115de1f7c3051403f0301cee0d293518"
},
{
"type": "WEB",
"url": "https://github.com/jfree/jfreechart"
},
{
"type": "WEB",
"url": "http://jfreechart.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CF4C-955G-MJXM
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2024-08-28 21:31In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_inner: validate mandatory meta and payload
Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.
{
"affected": [],
"aliases": [
"CVE-2024-39504"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: validate mandatory meta and payload\n\nCheck for mandatory netlink attributes in payload and meta expression\nwhen used embedded from the inner expression, otherwise NULL pointer\ndereference is possible from userspace.",
"id": "GHSA-cf4c-955g-mjxm",
"modified": "2024-08-28T21:31:27Z",
"published": "2024-07-12T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39504"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.