
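CWE-908 Use of Uninitialized Resource: vulnerability list (131)

Summary of 131 CVEs in the CWE-908 Use of Uninitialized Resource weakness class, with AI-generated analysis in Chinese.

CWE-908 is a resource-misuse weakness in which a program accesses or operates on a resource that has not been initialized. Attackers typically use this flaw to trigger crashes, invalid memory accesses, or other unpredictable behavior, which may lead to denial of service or further exploitation. To avoid it, developers should ensure that a resource has been correctly initialized before it is accessed, and add strict checks on resource state together with error handling, to safeguard the stability and security of the system.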

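MITRE CWE official description
CWE: CWE-908 Use of Uninitialized Resource. The product uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary with the type of resource and how it is used within the product.
Common consequences (2)
Confidentiality: Read Memory, Read Application Data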
When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Availability: DoS: Crash, Exit, or Restart
The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.
Mitigations (4)
Implementation: Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Implementation: Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Implementation: Avoid race conditions (CWE-362) during initialization routines.
Build and Compilation: Run or compile the product with settings that generate warnings about uninitialized variables or data.
Code examples (2)
Here, a boolean initialized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.

private boolean initialized = true;

public void someMethod() {
    if (!initialized) {
        // perform initialization tasks
        // ...
        initialized = true;
    }
}

Bad · Java
The following code intends to limit certain operations to the administrator only.

$username = GetCurrentUser();
$state = GetStateData($username);
if (defined($state)) {
    # $uid is assigned only when state data exists
    $uid = ExtractUserID($state);
}

# do stuff

if ($uid == 0) {
    DoAdminThings();
}

Bad · Perl
CVE ID | Title | CVSS | Severity | Published
CVE-2026-45736 | ws security vulnerability — ws | 4.4 | Medium | 2026-05-15
CVE-2025-48513 | AMD Chipset security vulnerability — AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R") | - | - | 2026-05-15
CVE-2026-7141 | vLLM security vulnerability — vllm | 5.6 | Medium | 2026-04-27
CVE-2026-26175 | Microsoft Windows Boot Manager security vulnerability — Windows 10 Version 1607 | 4.6 | Medium | 2026-04-14
CVE-2026-34543 | OpenEXR security vulnerability — openexr | 5.5 (AI) | Medium (AI) | 2026-04-01
CVE-2026-27496 | n8n security vulnerability — n8n | 6.5 | - | 2026-03-25
CVE-2025-12736 | OpenHarmony security vulnerability — OpenHarmony | 6.5 | Medium | 2026-03-16
CVE-2026-3497 | OpenSSH security vulnerability — openssh | 9.1 (AI) | Critical (AI) | 2026-03-12
CVE-2026-2044 | GIMP security vulnerability — GIMP | 7.8 (AI) | High (AI) | 2026-02-20
CVE-2025-12474 | libjxl security vulnerability — libjxl | 4.3 | - | 2026-02-11
CVE-2025-15281 | GNU C Library security vulnerability — glibc | 7.5 (AI) | High (AI) | 2026-01-20
CVE-2026-0915 | GNU C Library security vulnerability — glibc | 7.5 (AI) | High (AI) | 2026-01-15
CVE-2026-20962 | Microsoft Dynamics security vulnerability — Windows 10 Version 1809 | 4.4 | Medium | 2026-01-13
CVE-2025-40829 | Siemens Simcenter Femap security vulnerability — Simcenter Femap | 7.8 | High | 2025-12-12
CVE-2025-62472 | Microsoft Windows Remote Access Connection Manager security vulnerability — Windows 10 Version 1607 | 7.8 | High | 2025-12-09
CVE-2025-31649 | Dell ControlVault3 and Dell ControlVault3 Plus security vulnerability — BCM5820X | 8.7 | High | 2025-11-17
CVE-2025-31361 | Dell ControlVault3 and Dell ControlVault3 Plus security vulnerability — BCM5820X | 8.7 | High | 2025-11-17
CVE-2025-9640 | Samba security vulnerability | 4.3 | Medium | 2025-10-15
CVE-2025-59194 | Microsoft Windows Kernel security vulnerability — Windows 11 version 22H2 | 7.0 | High | 2025-10-14
CVE-2025-59204 | Microsoft Windows security vulnerability — Windows 10 Version 1809 | 5.5 | Medium | 2025-10-14
CVE-2025-59964 | Juniper Networks Junos OS SRX security vulnerability — Junos OS | 7.5 | High | 2025-10-09
CVE-2025-53799 | Microsoft Windows security vulnerability — Microsoft Office for Android | 5.5 | Medium | 2025-09-09
CVE-2025-55198 | Helm security vulnerability — helm | 6.5 | Medium | 2025-08-13
CVE-2025-50157 | Microsoft Windows Routing and Remote Access Service security vulnerability — Windows Server 2008 R2 Service Pack 1 | 5.7 | Medium | 2025-08-12
CVE-2025-53719 | Microsoft Windows Routing and Remote Access Service security vulnerability — Windows Server 2008 R2 Service Pack 1 | 5.7 | Medium | 2025-08-12
CVE-2025-53153 | Microsoft Windows Routing and Remote Access Service security vulnerability — Windows Server 2008 R2 Service Pack 1 | 5.7 | Medium | 2025-08-12
CVE-2025-53148 | Microsoft Windows Routing and Remote Access Service security vulnerability — Windows Server 2008 R2 Service Pack 1 | 5.7 | Medium | 2025-08-12
CVE-2025-53138 | Microsoft Windows Routing and Remote Access Service security vulnerability — Windows Server 2008 R2 Service Pack 1 | 5.7 | Medium | 2025-08-12
CVE-2025-50156 | Microsoft Windows Routing and Remote Access Service security vulnerability — Windows Server 2008 R2 Service Pack 1 | 5.7 | Medium | 2025-08-12
CVE-2025-53759 | Microsoft Excel security vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2025-08-12

CWE-908 (Use of Uninitialized Resource) is a common weakness category; this platform lists 131 CVEs associated with it.