CWE-908 779 個 CVE MITRE 定義 ↗

CWE-908:Use of Uninitialized Resource

概覽

CWE-908(Use of Uninitialized Resource)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses or accesses a resource that has not been initialized.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-56085 2026-07-03 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 throu…
CVE-2026-53467 2026-07-01 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure…
CVE-2026-6686 2026-07-01 FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Res…
CVE-2026-54500 2026-06-30 Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory (and, for long keys, reads out …
CVE-2026-58051 2026-06-27 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_pu…
CVE-2026-53311 2026-06-26 In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fuse_dentry_revalidate() fuse_dentry_revalidate() may be called with a dentry that didn't had ->d_time i…
CVE-2026-53243 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseq_exit_user_update() There is an bug in which an uninitialized stack variabl…
CVE-2026-53225 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_asconf_lookup() __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF ch…
CVE-2026-53218 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag nft_exthdr_init() passes user-controlled priv->len to nft_parse_re…
CVE-2026-53170 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmd_state_init() initializes the command state with memset(0xff), leav…
CVE-2026-53167 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios; !uptodate folios can …
CVE-2026-53142 2026-06-25 In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether di…
CVE-2026-56968 2026-06-23 GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
CVE-2026-11576 2026-06-19 The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally call…
CVE-2026-42969 2026-06-09 Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-48104 2026-06-05 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In th…
CVE-2026-48101 2026-06-05 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCap…
CVE-2026-11089 2026-06-04 Uninitialized Use in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…
CVE-2026-26825 2026-06-03 A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origin…
CVE-2026-46257 2026-06-03 In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered…

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2012-12-21
版本
2.4
評論
New weakness based on discussion on the CWE research list in December 2012.

內容修訂

日期 名稱 版本 重要性 評論
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Description, Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description, Potential_Mitigations
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Observed_Examples
cvelogic Threat Intelligence