CWE-824: Access of Uninitialized Pointer
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product accesses or uses a pointer that has not been initialized.
Common Consequences
Scope: Confidentiality
Technical Impact: Read Memory
Note: If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
Scope: Availability
Technical Impact: DoS: Crash, Exit, or Restart
Note: If the uninitialized pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Scope: Integrity, Confidentiality, Availability
Technical Impact: Execute Unauthorized Code or Commands
Note: If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
Detection Methods
Method: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Effectiveness: High
Observed Examples
Reference: CVE-2024-32878
LLM product has a free of an uninitialized pointer.
Reference: CVE-2019-3836
Chain: secure communications library does not initialize a local variable for a data structure (CWE-456), leading to access of an uninitialized pointer (CWE-824).
Reference: CVE-2018-14641
Chain: C union member is not initialized (CWE-456), leading to access of invalid pointer (CWE-824).
Reference: CVE-2010-0211
Chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).
Reference: CVE-2009-2768
Pointer in structure is not initialized, leading to NULL pointer dereference (CWE-476) and system crash.
Reference: CVE-2009-1721
Free of an uninitialized pointer.
Reference: CVE-2009-1415
Improper handling of invalid signatures leads to free of invalid pointer.
Reference: CVE-2009-0846
Invalid encoding triggers free of uninitialized pointer.
Reference: CVE-2009-0040
Crafted PNG image leads to free of uninitialized pointer.
Reference: CVE-2008-2934
Crafted GIF image leads to free of uninitialized pointer.
Reference: CVE-2007-4682
Access of uninitialized pointer might lead to code execution.
Reference: CVE-2007-4639
Step-based manipulation: invocation of debugging function before the primary initialization function leads to access of an uninitialized pointer and code execution.
Reference: CVE-2007-4000
Unchecked return values can lead to a write to an uninitialized pointer.
Reference: CVE-2007-2442
Zero-length input leads to free of uninitialized pointer.
Reference: CVE-2007-1213
Crafted font leads to uninitialized function pointer.
Reference: CVE-2006-6143
Uninitialized function pointer in freed memory is invoked.
Reference: CVE-2006-4175
LDAP server mishandles malformed BER queries, leading to free of uninitialized memory.
Reference: CVE-2006-0054
Firewall can crash with certain ICMP packets that trigger access of an uninitialized pointer.
Reference: CVE-2003-1201
LDAP server does not initialize members of structs, which leads to free of uninitialized pointer if an LDAP request fails.
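The pattern that recurs in the observed examples above is an error path that frees a pointer no code has assigned yet. The following C sketch is an added example, not part of the CWE entry or of any product listed; the `record` struct, both function names and the `DEMO_VULNERABLE` macro are hypothetical. It shows the weak form beside a hardened form that initializes every pointer to NULL before any path can reach cleanup.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type for this added example. */
struct record {
    char *name;
    char *value;
};

#ifdef DEMO_VULNERABLE   /* undefined behaviour: not compiled by default */
int parse_vulnerable(const char *in, size_t len)
{
    struct record rec;            /* rec.name and rec.value are indeterminate */
    int rc = -1;

    if (len == 0)
        goto out;                 /* failure path taken before any assignment */
    rec.name = malloc(len + 1);
    rec.value = malloc(16);
    if (rec.name == NULL || rec.value == NULL)
        goto out;
    memcpy(rec.name, in, len);
    rec.name[len] = '\0';
    rc = 0;
out:
    free(rec.name);               /* CWE-824: frees stack garbage when len == 0 */
    free(rec.value);
    return rc;
}
#endif

/* Hardened form: every pointer is NULL before any path can reach cleanup. */
int parse_hardened(const char *in, size_t len)
{
    struct record rec = { NULL, NULL };
    int rc = -1;

    if (in == NULL || len == 0)
        goto out;
    rec.name = malloc(len + 1);
    rec.value = calloc(1, 16);
    if (rec.name == NULL || rec.value == NULL)
        goto out;
    memcpy(rec.name, in, len);
    rec.name[len] = '\0';
    rc = 0;                       /* a real parser would hand rec to its caller */
out:
    free(rec.name);               /* free(NULL) is a defined no-op */
    free(rec.value);
    return rc;
}
```

Static analyzers and compiler diagnostics such as `-Wuninitialized` can flag the first form; the second form makes the cleanup path safe regardless of which check fails first.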