CWE-457: Use of Uninitialized Variable

CWE-457: Use of Uninitialized Variable | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This code prints a greeting using information stored in a POST request:

Vulnerable example

php

if (isset($_POST['names'])) {

This code checks if the POST array 'names' is set before assigning it to the $nameArray variable. However, if the array is not in the POST request, $nameArray will remain uninitialized. This will cause an error when the array is accessed to print the greeting message, which could lead to further exploit.

The following switch statement is intended to set the values of the variables aN and bN before they are used:

Vulnerable example

int aN, Bn;

In the default case of the switch statement, the programmer has accidentally set the value of aN twice. As a result, bN will have an undefined value. Most uninitialized variable issues result in general software reliability problems, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program. Under the right circumstances, an attacker may be able to control the value of an uninitialized variable by affecting the values on the stack prior to the invocation of the function.

This example will leave test_string in an unknown condition when i is the same value as err_val, because test_string is not initialized (CWE-456). Depending on where this code segment appears (e.g. within a function body), test_string might be random if it is stored on the heap or stack. If the variable is declared in static memory, it might be zero or NULL. Compiler optimization might contribute to the unpredictability of this address.

Vulnerable example

test_string = "Hello World!";

Safe example

test_string = "Hello World!";

CWE-457: Use of Uninitialized Variable

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-457?

What CVEs are caused by CWE-457?

How do you prevent CWE-457?

How is CWE-457 detected?

What are the consequences of CWE-457?

Is CWE-457 actively exploited?

References

Stay ahead of CWE-457

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-457?

What CVEs are caused by CWE-457?

How do you prevent CWE-457?

How is CWE-457 detected?

What are the consequences of CWE-457?

Is CWE-457 actively exploited?

References

Stay ahead of CWE-457