CWE-665
DiscouragedImproper Initialization
Abstraction: Class · Status: Draft
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
425 vulnerabilities reference this CWE, most recent first.
GHSA-RF3G-V8P5-P675
Vulnerability from github – Published: 2022-12-05 23:06 – Updated: 2022-12-05 23:06Impact
Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts.
Patches
Patched in 2.6.1
Workarounds
Site maintainers can cherry-pick https://github.com/NodeBB/NodeBB/commit/48d143921753914da45926cca6370a92ed0c46b8 into their codebase to patch the exploit.
For more information
If you have any questions or comments about this advisory:
Discuss it on our community forum Email us at support@nodebb.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nodebb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-46164"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-05T23:06:14Z",
"nvd_published_at": "2022-12-05T21:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nDue to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts.\n\n### Patches\nPatched in 2.6.1\n\n### Workarounds\nSite maintainers can cherry-pick https://github.com/NodeBB/NodeBB/commit/48d143921753914da45926cca6370a92ed0c46b8 into their codebase to patch the exploit.\n\n### For more information\nIf you have any questions or comments about this advisory:\n\nDiscuss it on [our community forum](https://github.com/NodeBB/NodeBB/security/advisories/community.nodebb.org/)\nEmail us at [support@nodebb.org](mailto:support@nodebb.org)\n",
"id": "GHSA-rf3g-v8p5-p675",
"modified": "2022-12-05T23:06:14Z",
"published": "2022-12-05T23:06:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-rf3g-v8p5-p675"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46164"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/commit/48d143921753914da45926cca6370a92ed0c46b8"
},
{
"type": "PACKAGE",
"url": "https://github.com/NodeBB/NodeBB"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/releases/tag/v2.6.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "NodeBB vulnerable to account takeover via prototype vulnerability"
}
GHSA-RF3H-5HXX-PG9M
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
{
"affected": [],
"aliases": [
"CVE-2014-4371"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-09-18T10:55:00Z",
"severity": "LOW"
},
"details": "The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.",
"id": "GHSA-rf3h-5hxx-pg9m",
"modified": "2022-05-13T01:30:39Z",
"published": "2022-05-13T01:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4371"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96100"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT6535"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/HT204244"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6441"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6442"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/69919"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030866"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RFC2-M7M4-3XVG
Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:50Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2023-22356"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T03:15:16Z",
"severity": "MODERATE"
},
"details": "Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.",
"id": "GHSA-rfc2-m7m4-3xvg",
"modified": "2024-04-04T06:50:42Z",
"published": "2023-08-11T03:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22356"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RP2G-5HW2-Q565
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2025-10-22 00:32Open Management Infrastructure Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-38647"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-15T12:15:00Z",
"severity": "CRITICAL"
},
"details": "Open Management Infrastructure Remote Code Execution Vulnerability",
"id": "GHSA-rp2g-5hw2-q565",
"modified": "2025-10-22T00:32:19Z",
"published": "2022-05-24T19:14:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38647"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RPVR-65RV-4FVQ
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
{
"affected": [],
"aliases": [
"CVE-2016-6836"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-10T00:59:00Z",
"severity": "MODERATE"
},
"details": "The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.",
"id": "GHSA-rpvr-65rv-4fvq",
"modified": "2022-05-13T01:14:36Z",
"published": "2022-05-13T01:14:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6836"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/5"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92444"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RPX6-495P-FQ5G
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-26 00:01Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2022-20661"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T15:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GHSA-rpx6-495p-fq5g",
"modified": "2022-04-26T00:01:03Z",
"published": "2022-04-16T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20661"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RR5C-8WRV-8W4C
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
{
"affected": [],
"aliases": [
"CVE-2018-0811"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-14T17:29:00Z",
"severity": "MODERATE"
},
"details": "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.",
"id": "GHSA-rr5c-8wrv-8w4c",
"modified": "2022-05-13T01:18:30Z",
"published": "2022-05-13T01:18:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0811"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0811"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103232"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040517"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RRPG-4874-9GJ3
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.
{
"affected": [],
"aliases": [
"CVE-2018-0810"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T02:29:00Z",
"severity": "MODERATE"
},
"details": "The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0757.",
"id": "GHSA-rrpg-4874-9gj3",
"modified": "2022-05-13T01:18:30Z",
"published": "2022-05-13T01:18:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0810"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0810"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102938"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040373"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V2CV-WWXQ-QQ97
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-07-08 19:56In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "19.03.0"
},
{
"fixed": "19.03.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-14271"
],
"database_specific": {
"cwe_ids": [
"CWE-665",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-01T21:22:37Z",
"nvd_published_at": "2019-07-29T18:15:00Z",
"severity": "CRITICAL"
},
"details": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",
"id": "GHSA-v2cv-wwxq-qq97",
"modified": "2024-07-08T19:56:40Z",
"published": "2022-05-24T16:51:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/issues/39449"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/pull/39612"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b"
},
{
"type": "WEB",
"url": "https://docs.docker.com/engine/release-notes"
},
{
"type": "PACKAGE",
"url": "https://github.com/moby/moby"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/21"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190828-0003"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4521"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Moby Docker cp broken with debian containers"
}
GHSA-V5CJ-XC9V-XG6M
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix overwriting ct original tuple for ICMPv6
OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.
OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, etc. Then the packet itself gets parsed to populate the rest of the keys from the packet headers.
Whenever the packet parsing code starts parsing the ICMPv6 header, it first zeroes out fields in the key corresponding to Neighbor Discovery information even if it is not an ND packet.
It is an 'ipv6.nd' field. However, the 'ipv6' is a union that shares the space between 'nd' and 'ct_orig' that holds the original tuple conntrack metadata parsed from the OVS_PACKET_ATTR_KEY.
ND packets should not normally have conntrack state, so it's fine to share the space, but normal ICMPv6 Echo packets or maybe other types of ICMPv6 can have the state attached and it should not be overwritten.
The issue results in all but the last 4 bytes of the destination address being wiped from the original conntrack tuple leading to incorrect packet matching and potentially executing wrong actions in case this packet recirculates within the datapath or goes back to userspace.
ND fields should not be accessed in non-ND packets, so not clearing them should be fine. Executing memset() only for actual ND packets to avoid the issue.
Initializing the whole thing before parsing is needed because ND packet may not contain all the options.
The issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn't affect packets entering OVS datapath from network interfaces, because in this case CT metadata is populated from skb after the packet is already parsed.
{
"affected": [],
"aliases": [
"CVE-2024-38558"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix overwriting ct original tuple for ICMPv6\n\nOVS_PACKET_CMD_EXECUTE has 3 main attributes:\n - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.\n - OVS_PACKET_ATTR_PACKET - Binary packet content.\n - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.\n\nOVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure\nwith the metadata like conntrack state, input port, recirculation id,\netc. Then the packet itself gets parsed to populate the rest of the\nkeys from the packet headers.\n\nWhenever the packet parsing code starts parsing the ICMPv6 header, it\nfirst zeroes out fields in the key corresponding to Neighbor Discovery\ninformation even if it is not an ND packet.\n\nIt is an \u0027ipv6.nd\u0027 field. However, the \u0027ipv6\u0027 is a union that shares\nthe space between \u0027nd\u0027 and \u0027ct_orig\u0027 that holds the original tuple\nconntrack metadata parsed from the OVS_PACKET_ATTR_KEY.\n\nND packets should not normally have conntrack state, so it\u0027s fine to\nshare the space, but normal ICMPv6 Echo packets or maybe other types of\nICMPv6 can have the state attached and it should not be overwritten.\n\nThe issue results in all but the last 4 bytes of the destination\naddress being wiped from the original conntrack tuple leading to\nincorrect packet matching and potentially executing wrong actions\nin case this packet recirculates within the datapath or goes back\nto userspace.\n\nND fields should not be accessed in non-ND packets, so not clearing\nthem should be fine. Executing memset() only for actual ND packets to\navoid the issue.\n\nInitializing the whole thing before parsing is needed because ND packet\nmay not contain all the options.\n\nThe issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn\u0027t\naffect packets entering OVS datapath from network interfaces, because\nin this case CT metadata is populated from skb after the packet is\nalready parsed.",
"id": "GHSA-v5cj-xc9v-xg6m",
"modified": "2026-05-12T12:31:54Z",
"published": "2024-06-19T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38558"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b532f59437f688563e9c58bdc1436fefa46e3b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/431e9215576d7b728f3f53a704d237a520092120"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/483eb70f441e2df66ade78aa7217e6e4caadfef3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ab6aecbede080b44b8e34720ab72050bf1e6982"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a51ac92bf35d34b4996d6eb67e2fe469f573b11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78741b4caae1e880368cb2f5110635f3ce45ecfd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c988176b6c16c516474f6fceebe0f055af5eb56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d73fb8bddf89503c9fae7c42e50d44c89909aad6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable's type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile your product with settings that generate warnings about uninitialized variables or data.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.