CWE-456 8 CVEs MITRE definition ↗

CWE-456: Missing Initialization of a Variable

Overview

CWE-456 (Missing Initialization of a Variable) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product does not initialize critical variables, which causes the execution environment to use unexpected values.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2024-54131 2024-12-03 The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation …
CVE-2024-9780 2024-10-10 ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
CVE-2024-32878 2024-04-26 Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will …
CVE-2023-20226 2023-09-27 A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to r…
CVE-2021-40403 2022-02-04 An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place…
CVE-2021-34703 2021-09-22 A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting …
CVE-2019-3836 2019-04-01 It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVE-2018-14641 2018-09-18 A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). W…

Previous names

  • Missing Initialization (2013-02-21)

Content submission

Name
PLOVER
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings
2010-02-16 CWE Content Team 1.8 updated Relationships
2010-04-05 CWE Content Team 1.8.1 updated Applicable_Platforms, Demonstrative_Examples
2010-06-21 CWE Content Team 1.9 updated Other_Notes, Relationship_Notes
2011-03-29 CWE Content Team 1.12 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences, Relationships
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Name, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated References, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Relationships, Type
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Demonstrative_Examples
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, Observed_Examples, Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples, Observed_Examples, References
2025-09-09 CWE Content Team 4.18 updated Potential_Mitigations, References
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities

Contributions

Type Name Date Comment
Content Hyeongkwan Lee 2022-09-13 provided demonstratuve example for Java boolean variables
cvelogic Threat Intelligence