Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-CMQ9-P975-G5VW

Vulnerability from github – Published: 2022-05-01 17:52 – Updated: 2022-05-01 17:52
VLAI
Details

The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-1327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-07T21:19:00Z",
    "severity": "HIGH"
  },
  "details": "The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.",
  "id": "GHSA-cmq9-p975-g5vw",
  "modified": "2022-05-01T17:52:29Z",
  "published": "2022-05-01T17:52:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1327"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32846"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=117320823618036\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/33887"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24426"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24431"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200703-12.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22846"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CMQ9-W454-24MF

Vulnerability from github – Published: 2023-01-17 21:30 – Updated: 2023-01-23 21:30
VLAI
Details

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-17T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.",
  "id": "GHSA-cmq9-w454-24mf",
  "modified": "2023-01-23T21:30:26Z",
  "published": "2023-01-17T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47929"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5324"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/netdev/msg555705.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CMWH-VHG7-3C9R

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 18:14
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()

soc_dev_attr->revision could be NULL, thus, a pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c").

This issue is found by our static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T13:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()\n\nsoc_dev_attr-\u003erevision could be NULL, thus,\na pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool.",
  "id": "GHSA-cmwh-vhg7-3c9r",
  "modified": "2025-11-05T18:14:24Z",
  "published": "2025-05-01T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23148"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4129760e462f45f14e61b10408ace61aa7c2ed30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44a2572a0fdcf3e7565763690d579b998a8f0562"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/475b9b45dc32eba58ab794b5d47ac689fc018398"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f51d169fd0d4821bce775618db024062b09a3f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f80fd2ff8bfd13e41554741740e0ca8e6445ded"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ce469d23205249bb17c1135ccadea879576adfc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ee067cf0cf82429e9b204283c7d0d8d6891d10e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8222ef6cf29dd7cad21643228f96535cc02b327"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CMXM-6C5M-R5C5

Vulnerability from github – Published: 2022-05-17 00:29 – Updated: 2022-05-17 00:29
VLAI
Details

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where sqlite3_step(pStmt)==SQLITE_ROW is false and a data structure is never initialized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-12T08:29:00Z",
    "severity": "HIGH"
  },
  "details": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.",
  "id": "GHSA-cmxm-6c5m-r5c5",
  "modified": "2022-05-17T00:29:51Z",
  "published": "2022-05-17T00:29:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15286"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101285"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP24-C7W4-6GH4

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-09-12 15:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()

During driver initialization, the pointer of card info, i.e. the variable 'ci' is required. However, the definition of 'com20020pci_id_table' reveals that this field is empty for some devices, which will cause null pointer dereference when initializing these devices.

The following log reveals it:

[ 3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci] [ 3.975181] Call Trace: [ 3.976208] local_pci_probe+0x13f/0x210 [ 3.977248] pci_device_probe+0x34c/0x6d0 [ 3.977255] ? pci_uevent+0x470/0x470 [ 3.978265] really_probe+0x24c/0x8d0 [ 3.978273] __driver_probe_device+0x1b3/0x280 [ 3.979288] driver_probe_device+0x50/0x370

Fix this by checking whether the 'ci' is a null pointer first.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T02:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()\n\nDuring driver initialization, the pointer of card info, i.e. the\nvariable \u0027ci\u0027 is required. However, the definition of\n\u0027com20020pci_id_table\u0027 reveals that this field is empty for some\ndevices, which will cause null pointer dereference when initializing\nthese devices.\n\nThe following log reveals it:\n\n[    3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[    3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci]\n[    3.975181] Call Trace:\n[    3.976208]  local_pci_probe+0x13f/0x210\n[    3.977248]  pci_device_probe+0x34c/0x6d0\n[    3.977255]  ? pci_uevent+0x470/0x470\n[    3.978265]  really_probe+0x24c/0x8d0\n[    3.978273]  __driver_probe_device+0x1b3/0x280\n[    3.979288]  driver_probe_device+0x50/0x370\n\nFix this by checking whether the \u0027ci\u0027 is a null pointer first.",
  "id": "GHSA-cp24-c7w4-6gh4",
  "modified": "2024-09-12T15:32:59Z",
  "published": "2024-08-22T03:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48908"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f394102ee27dbf051a4e283390cd8d1759dacea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e3bc7c5bbf87e86e9cd652ca2a9166942d86206"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b838add93e1dd98210482dc433768daaf752bdef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca0bdff4249a644f2ca7a49d410d95b8dacf1f72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e50c589678e50f8d574612e473ca60ef45190896"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea372aab54903310756217d81610901a8e66cb7d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP2G-849G-W9JR

Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21
VLAI
Details

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "HIGH"
  },
  "details": "The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.",
  "id": "GHSA-cp2g-849g-w9jr",
  "modified": "2022-05-17T02:21:03Z",
  "published": "2022-05-17T02:21:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7080"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92938"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036804"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP2P-PP43-5PM7

Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2022-05-17 01:17
VLAI
Details

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-05T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a \"POST / HTTP/1.1\" request.",
  "id": "GHSA-cp2p-pp43-5pm7",
  "modified": "2022-05-17T01:17:20Z",
  "published": "2022-05-17T01:17:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shadow4u/goaheaddebug/blob/master/README.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP4J-VW64-WP3F

Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2025-03-05 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated

Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to bail out if skb cannot be allocated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated\n\nFix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to\nbail out if skb cannot be allocated.",
  "id": "GHSA-cp4j-vw64-wp3f",
  "modified": "2025-03-05T21:32:07Z",
  "published": "2025-02-27T03:34:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21774"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/118fb35681bd2c0d2afa22f7be0ef94bb4d06849"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/946750e7865df2e70045071051abf768785dd570"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7f0adfe64de08803990dc4cbecd2849c04e314a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP7R-WF78-8X92

Vulnerability from github – Published: 2022-05-14 03:34 – Updated: 2022-05-14 03:34
VLAI
Details

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-01T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.",
  "id": "GHSA-cp7r-wf78-8x92",
  "modified": "2022-05-14T03:34:33Z",
  "published": "2022-05-14T03:34:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18013"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3602-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3606-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4100"
    },
    {
      "type": "WEB",
      "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102345"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP7W-WHJM-PP36

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-01-15 15:31
VLAI
Details

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:15Z",
    "severity": "LOW"
  },
  "details": "OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.",
  "id": "GHSA-cp7w-whjm-pp36",
  "modified": "2025-01-15T15:31:25Z",
  "published": "2025-01-15T15:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5198"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-5198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.