
CWE-457 Use of Uninitialized Variable: vulnerability list (122)

Summary of the 122 CVE vulnerabilities associated with the CWE-457 (Use of Uninitialized Variable) weakness class, with AI-generated Chinese analysis.

CWE-457 covers the use of variables that were never initialized. In languages such as C and C++, stack variables are not initialized by default and may hold whatever leftover data memory contained. An attacker who can read or control that content can make program behaviour unpredictable, which in turn leads to information disclosure or logic errors. Developers should make sure every variable is explicitly initialized before use and enable compiler warnings to detect potential risks, removing the security hazard that this non-determinism creates.

Official MITRE CWE description
CWE: CWE-457 Use of Uninitialized Variable. Description: The code uses a variable that has not been initialized, leading to unpredictable or unintended results. In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. Attackers can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.
Common consequences (2)
Scope: Availability, Integrity, Other · Impact: Other
Initial variables usually contain junk, which can not be trusted for consistency. This can lead to denial of service conditions, or modify control flow in unexpected ways. In some cases, an attacker can "pre-initialize" the variable using previous actions, which might enable code execution. This can…
Scope: Authorization, Other · Impact: Other
Strings that are not initialized are especially dangerous, since many functions expect a null at the end -- and only at the end -- of a string.
Mitigations (5)
Implementation: Ensure that critical variables are initialized before first use [REF-1485].
Build and Compilation: Most compilers will complain about the use of uninitialized variables if warnings are turned on.
Implementation, Operation: When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.
Requirements: Choose a language that is not susceptible to these issues.
Architecture and Design: Mitigating technologies such as safe string libraries and container abstractions could be introduced.
Code examples (2)
Example 1 (Bad · PHP). This code prints a greeting using information stored in a POST request; when the 'names' key is absent, $nameArray is never assigned and is read uninitialized:

    if (isset($_POST['names'])) {
        $nameArray = $_POST['names'];
    }
    echo "Hello " . $nameArray['first'];

Example 2 (Bad · C). The following switch statement is intended to set the values of the variables aN and bN before they are used, but the declaration misspells bN as Bn and the default branch assigns aN twice, leaving bN unset on that path:

    int aN, Bn;
    switch (ctl) {
        case -1:
            aN = 0;
            bN = 0;
            break;
        case 0:
            aN = i;
            bN = -i;
            break;
        case 1:
            aN = i + NEXT_SZ;
            bN = i - NEXT_SZ;
            break;
        default:
            aN = -1;
            aN = -1;
            break;
    }
    repaint(aN, bN);
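The C example above leaves bN unassigned in its default branch, and the consequences section warns separately about strings that never receive a terminator. The program below is an added illustration, not code from MITRE or from this platform, showing the Implementation and Architecture-and-Design mitigations applied in code: every local receives a value at its declaration so that no path through the switch can hand stack contents to the caller, an out-of-range ctl is reported instead of silently producing junk, and a fixed-size string buffer is zero-filled and explicitly terminated before anything reads it. NEXT_SZ is not defined on the page, so its value of 16, and the struct bounds, select_bounds, copy_name and copied_length names, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* NEXT_SZ is used but never defined on the page; 16 is an assumed value. */
#define NEXT_SZ 16

/* Result of the bounds selection; `valid` tells the caller whether ctl was
 * one of the expected values, so an unexpected ctl cannot be mistaken for
 * a real result the way the page's `default: aN = -1; aN = -1;` allows. */
struct bounds {
    int aN;
    int bN;
    int valid;   /* 1 when ctl was recognised, 0 otherwise */
};

/* Hardened form of the page's switch: the struct is fully initialized at
 * its declaration, so both outputs are defined on every path, including
 * the default branch, which deliberately keeps the sentinel values. */
struct bounds select_bounds(int ctl, int i)
{
    struct bounds r = { .aN = -1, .bN = -1, .valid = 0 };
    switch (ctl) {
    case -1: r.aN = 0;           r.bN = 0;           r.valid = 1; break;
    case 0:  r.aN = i;           r.bN = -i;          r.valid = 1; break;
    case 1:  r.aN = i + NEXT_SZ; r.bN = i - NEXT_SZ; r.valid = 1; break;
    default: break;   /* sentinels from the initializer remain in place */
    }
    return r;
}

/* Strings: a fixed buffer filled with strncpy() is left unterminated when
 * the source is at least as long as the buffer, so a later strlen() or
 * printf("%s") runs off the end into whatever the stack held. This copy
 * zero-fills the whole destination first and always leaves room for the
 * terminator. Returns the number of characters copied. */
size_t copy_name(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0) return 0;
    memset(dst, 0, dst_size);                 /* no junk anywhere in dst */
    size_t n = strlen(src);
    if (n > dst_size - 1) n = dst_size - 1;   /* keep one byte for '\0' */
    memcpy(dst, src, n);
    return n;                                  /* dst[n] is already '\0' */
}

/* Copies src into an 8-byte local buffer and returns strlen() of the result;
 * the strlen() call is only well-defined because copy_name() terminated it. */
size_t copied_length(const char *src)
{
    char buf[8];                               /* uninitialized until copy_name */
    copy_name(buf, sizeof buf, src);
    return strlen(buf);
}

int main(void)
{
    /* Constructed inputs: an out-of-range ctl and an over-long name. */
    struct bounds b = select_bounds(5, 10);
    printf("ctl=5 -> aN=%d bN=%d valid=%d\n", b.aN, b.bN, b.valid);

    char name[8];
    size_t n = copy_name(name, sizeof name, "Alexander");
    printf("copied %zu chars: \"%s\"\n", n, name);
    return 0;
}
```

Initializing at the declaration rather than in each branch is what makes the default path safe: the Build-and-Compilation mitigation (for example gcc or clang with -Wall -Wextra, or a MemorySanitizer build with clang -fsanitize=memory) will often flag the page's original switch, but those diagnostics depend on optimisation level and build configuration, so the code should not rely on them alone.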
CVE ID | Title (affected product) | CVSS | Risk level | Published
(AI) marks a score or rating the page tags as AI-derived.
CVE-2025-58071 | F5 BIG-IP security vulnerability (BIG-IP) | 7.5 | High | 2025-10-15
CVE-2025-7984 | Ashlar-Vellum Cobalt security vulnerability (Cobalt) | 7.8 (AI) | High (AI) | 2025-09-17
CVE-2025-7981 | Ashlar-Vellum Graphite security vulnerability (Graphite) | 7.8 (AI) | High (AI) | 2025-09-17
CVE-2025-7978 | Ashlar-Vellum Graphite security vulnerability (Graphite) | 7.8 (AI) | High (AI) | 2025-09-17
CVE-2025-59348 | Dragonfly security vulnerability (dragonfly) | 7.5 (AI) | High (AI) | 2025-09-17
CVE-2025-9450 | Dassault Systèmes SOLIDWORKS eDrawings security vulnerability (SOLIDWORKS eDrawings) | 7.8 | High | 2025-09-17
CVE-2023-31326 | Multiple AMD products security vulnerability (AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics) | 2.8 | Low | 2025-09-06
CVE-2025-5047 | Autodesk AutoCAD security vulnerability (AutoCAD) | 7.8 | High | 2025-08-15
CVE-2025-54874 | OpenJPEG security vulnerability (openjpeg) | 8.1 | - | 2025-08-05
CVE-2025-53644 | OpenCV security vulnerability (opencv) | 8.8 (AI) | High (AI) | 2025-07-17
CVE-2025-6974 | Dassault Systèmes SOLIDWORKS eDrawings security vulnerability (SOLIDWORKS eDrawings) | 7.8 | High | 2025-07-15
CVE-2025-2520 | Honeywell Experion PKS security vulnerability (C300 PCNT02) | 7.5 | High | 2025-07-10
CVE-2025-20271 | Cisco Meraki Z and Cisco Meraki MX security vulnerability (Cisco Meraki MX Firmware) | 8.6 | High | 2025-06-18
CVE-2025-26383 | Johnson Controls iSTAR Configuration Utility security vulnerability (iSTAR Configuration Utility (ICU)) | 5.5 (AI) | Medium (AI) | 2025-06-11
CVE-2025-5749 | WOLFBOX Level 2 EV Charger security vulnerability (Level 2 EV Charger) | 8.8 (AI) | High (AI) | 2025-06-06
CVE-2025-40575 | Siemens SCALANCE LPE9403 security vulnerability (SCALANCE LPE9403) | 4.3 | Medium | 2025-05-13
CVE-2025-2287 | Rockwell Automation Arena security vulnerability (Arena®) | 8.6 (AI) | High (AI) | 2025-04-08
CVE-2025-2286 | Rockwell Automation Arena security vulnerability (Arena®) | 8.6 (AI) | High (AI) | 2025-04-08
CVE-2025-2285 | Rockwell Automation Arena security vulnerability (Arena®) | 8.6 (AI) | High (AI) | 2025-04-08
CVE-2025-20212 | Cisco Meraki Z and Cisco Meraki MX security vulnerability (Cisco Meraki MX Firmware) | 7.7 | High | 2025-04-02
CVE-2025-1650 | Autodesk AutoCAD security vulnerability (AutoCAD) | 7.8 | High | 2025-03-13
CVE-2025-1649 | Autodesk AutoCAD security vulnerability (AutoCAD) | 7.8 | High | 2025-03-13
CVE-2025-1427 | Autodesk AutoCAD security vulnerability (AutoCAD) | 7.8 | High | 2025-03-13
CVE-2025-2014 | Ashlar-Vellum Cobalt security vulnerability (Cobalt) | 7.8 | - | 2025-03-11
CVE-2025-2024 | Trimble SketchUp security vulnerability (SketchUp) | 7.8 | - | 2025-03-07
CVE-2025-20638 | MediaTek Chipsets security vulnerability (MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893) | 4.0 | - | 2025-02-03
CVE-2024-56446 | Huawei HarmonyOS security vulnerability (HarmonyOS) | 4.0 | Medium | 2025-01-08
CVE-2024-47540 | GStreamer security vulnerability (gstreamer) | 7.8 | - | 2024-12-11
CVE-2024-8842 | PDF-XChange Editor security vulnerability (PDF-XChange Editor) | 7.8 | - | 2024-11-22
CVE-2024-9717 | Trimble SketchUp security vulnerability (SketchUp Viewer) | 7.8 | - | 2024-11-22

CWE-457 (Use of Uninitialized Variable) is a common weakness class; this platform has collected 122 CVE vulnerabilities associated with it.