CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
GHSA-8CXJ-VC9J-XQ64
Vulnerability from github – Published: 2023-01-17 12:30 – Updated: 2023-01-24 21:30CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2023-22366"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-17T10:15:00Z",
"severity": "HIGH"
},
"details": "CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.",
"id": "GHSA-8cxj-vc9j-xq64",
"modified": "2023-01-24T21:30:28Z",
"published": "2023-01-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22366"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU91744508/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J35-8P36-8W3G
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2023-07-07 21:30Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-35991"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-824",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-20T19:15:00Z",
"severity": "LOW"
},
"details": "Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-8j35-8p36-8w3g",
"modified": "2023-07-07T21:30:15Z",
"published": "2022-05-24T19:11:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35991"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-53.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8MXF-8WH9-G5PV
Vulnerability from github – Published: 2026-04-21 15:32 – Updated: 2026-04-22 18:31Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.
{
"affected": [],
"aliases": [
"CVE-2026-6757"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-21T13:16:21Z",
"severity": "MODERATE"
},
"details": "Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.",
"id": "GHSA-8mxf-8wh9-g5pv",
"modified": "2026-04-22T18:31:39Z",
"published": "2026-04-21T15:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6757"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013588"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-30"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-32"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-33"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8PRM-GH76-RQ38
Vulnerability from github – Published: 2023-09-20 18:30 – Updated: 2025-06-28 00:31Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
{
"affected": [],
"aliases": [
"CVE-2023-20597"
],
"database_specific": {
"cwe_ids": [
"CWE-665",
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-20T18:15:12Z",
"severity": "MODERATE"
},
"details": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.",
"id": "GHSA-8prm-gh76-rq38",
"modified": "2025-06-28T00:31:11Z",
"published": "2023-09-20T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20597"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8Q5Q-7MVV-W97X
Vulnerability from github – Published: 2025-05-29 15:31 – Updated: 2025-12-16 21:30In the Linux kernel, the following vulnerability has been resolved:
module: ensure that kobject_put() is safe for module type kobjects
In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe.
{
"affected": [],
"aliases": [
"CVE-2025-37995"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T14:15:36Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: ensure that kobject_put() is safe for module type kobjects\n\nIn \u0027lookup_or_create_module_kobject()\u0027, an internal kobject is created\nusing \u0027module_ktype\u0027. So call to \u0027kobject_put()\u0027 on error handling\npath causes an attempt to use an uninitialized completion pointer in\n\u0027module_kobject_release()\u0027. In this scenario, we just want to release\nkobject without an extra synchronization required for a regular module\nunloading process, so adding an extra check whether \u0027complete()\u0027 is\nactually required makes \u0027kobject_put()\u0027 safe.",
"id": "GHSA-8q5q-7mvv-w97x",
"modified": "2025-12-16T21:30:49Z",
"published": "2025-05-29T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37995"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31d8df3f303c3ae9115230820977ef8c35c88808"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93799fb988757cdacf19acba57807746c00378e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e7b49ce4f9d0cb5b6e87db9e07a2fb9e754b0dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a63d99873547d8b39eb2f6db79dd235761e7098a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a6aeb739974ec73e5217c75a7c008a688d3d5cf1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d63851049f412cdfadaeef7a7eaef5031d11c1e9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1c71b4bd721a4ea21da408806964b10468623f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/faa9059631d3491d699c69ecf512de9e1a3d6649"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8QXC-57HF-HC9J
Vulnerability from github – Published: 2026-07-01 17:48 – Updated: 2026-07-01 17:48Summary
A memory-safety vulnerability in Open Babel's PQS parser caused an uninitialized pointer dereference when reading a crafted input file.
Details
The flaw was in the pFormat handling of the PQS reader. A malformed
input caused the parser to dereference a format pointer that had
never been initialized.
Impact
Open Babel is a C++ library and CLI used to read and write chemistry
file formats; it is shipped by Linux distributions and embedded in
services that may parse untrusted input. Triggering this vulnerability
requires the victim to open a malicious PQS file with the obabel
tool, the OBConversion API, or any of the language bindings (Python,
Ruby, Java, R, Perl, C#, PHP).
Affected versions
All releases up to and including 3.1.1.
Patched version
3.2.0 (released 2026-05-26).
Patch
Fix commit: https://github.com/openbabel/openbabel/commit/2a7d2cda
A minimized reproducer for this CVE is checked in under
test/files/fuzz_regress/ and is exercised on every CI build under
ASAN+UBSAN by the fuzzregresstest harness.
Credit
Reported by Cisco TALOS.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "openbabel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-46280"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T17:48:54Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nA memory-safety vulnerability in Open Babel\u0027s PQS parser caused an\nuninitialized pointer dereference when reading a crafted input file.\n\n### Details\n\nThe flaw was in the `pFormat` handling of the PQS reader. A malformed\ninput caused the parser to dereference a format pointer that had\nnever been initialized.\n\n### Impact\n\nOpen Babel is a C++ library and CLI used to read and write chemistry\nfile formats; it is shipped by Linux distributions and embedded in\nservices that may parse untrusted input. Triggering this vulnerability\nrequires the victim to open a malicious PQS file with the `obabel`\ntool, the `OBConversion` API, or any of the language bindings (Python,\nRuby, Java, R, Perl, C#, PHP).\n\n### Affected versions\n\nAll releases up to and including 3.1.1.\n\n### Patched version\n\n3.2.0 (released 2026-05-26).\n\n### Patch\n\nFix commit: https://github.com/openbabel/openbabel/commit/2a7d2cda\n\nA minimized reproducer for this CVE is checked in under\n`test/files/fuzz_regress/` and is exercised on every CI build under\nASAN+UBSAN by the `fuzzregresstest` harness.\n\n### Credit\n\nReported by Cisco TALOS.",
"id": "GHSA-8qxc-57hf-hc9j",
"modified": "2026-07-01T17:48:54Z",
"published": "2026-07-01T17:48:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openbabel/openbabel/security/advisories/GHSA-8qxc-57hf-hc9j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46280"
},
{
"type": "WEB",
"url": "https://github.com/openbabel/openbabel/commit/2a7d2cda8bd47daade2e555e34b69651a2e132ef"
},
{
"type": "PACKAGE",
"url": "https://github.com/openbabel/openbabel"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1670"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Open Babel has uninitialized pointer dereference in PQS pFormat"
}
GHSA-8V2W-Q3WX-M958
Vulnerability from github – Published: 2026-04-15 00:31 – Updated: 2026-04-15 00:31Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-27300"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T23:16:27Z",
"severity": "MODERATE"
},
"details": "Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-8v2w-q3wx-m958",
"modified": "2026-04-15T00:31:35Z",
"published": "2026-04-15T00:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27300"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-92C5-XC6W-8GH2
Vulnerability from github – Published: 2022-12-08 00:30 – Updated: 2022-12-09 21:30GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2022-2952"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-07T23:15:00Z",
"severity": "HIGH"
},
"details": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.",
"id": "GHSA-92c5-xc6w-8gh2",
"modified": "2022-12-09T21:30:47Z",
"published": "2022-12-08T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2952"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92QG-HFHR-PPVQ
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2026-04-29 04:13Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack
and potentially arbitrary code execution
under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316,
≤
WR941ND v6 3.16.9 Build 151203.
{
"affected": [],
"aliases": [
"CVE-2025-14739"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T19:16:21Z",
"severity": "HIGH"
},
"details": "Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows\u00a0local unauthenticated attackers the ability to execute DoS attack \n\nand potentially arbitrary code execution\n\nunder the context of the \u2018root\u2019 user.This issue affects WR940N and WR941ND: \u2264 WR940N v5 3.20.1 Build 200316, \n\n\u2264\n\n WR941ND v6 3.16.9 Build 151203.",
"id": "GHSA-92qg-hfhr-ppvq",
"modified": "2026-04-29T04:13:42Z",
"published": "2025-12-18T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14739"
},
{
"type": "WEB",
"url": "https://blog.exodusintel.com/2022/06/23/tp-link-wr940n-wr941nd-uninitialized-pointer-vulnerability"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/download/tl-wr940n/v5/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/download/tl-wr941nd/#Firmware"
},
{
"type": "WEB",
"url": "https://www.tp-link.com/us/support/faq/4848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-93X3-2R5R-4375
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2025-08-15 21:31A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2021-34596"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-26T10:15:00Z",
"severity": "MODERATE"
},
"details": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.",
"id": "GHSA-93x3-2r5r-4375",
"modified": "2025-08-15T21:31:14Z",
"published": "2022-05-24T19:18:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34596"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.