Tag Archives: CVE-2019-9805

CWE-908 – Use of Uninitialized Resource


Description

The software uses or accesses a resource that has not been initialized.

When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.

Modes of Introduction:

– Implementation

Likelihood of Exploit: Medium


Related Weaknesses

CWE-665


Consequences

Confidentiality: Read Memory, Read Application Data

When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.

Availability: DoS: Crash, Exit, or Restart

The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend.


Potential Mitigations

Phase: Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Phase: Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Phase: Implementation

Avoid race conditions (CWE-362) during initialization routines.

Phase: Build and Compilation

Run or compile the software with settings that generate warnings about uninitialized variables or data.
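The mitigations above, worked through in C as an added example (not part of the CWE entry): `parse_limit_uninitialized` shows the conditional-branch failure from the second mitigation, where a variable is only assigned on some paths; `build_report_uninitialized` shows a record copied to a peer without being cleared first, the "Read Memory" consequence listed earlier. The `parse_limit` and `build_report` variants apply the first mitigation, explicit initialization on every path. The struct layout, function names and values are constructed for illustration. Compiling with warnings enabled (the fourth mitigation: `-Wall` on gcc with optimization on, or clang's `-Wsometimes-uninitialized`) reports the path that leaves `limit` unset.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed record: copied verbatim to an untrusted peer as an error
   report. Only `code` and `msg` are meaningful; the producer never writes
   `reserved`, so whatever the stack held there goes out on the wire
   unless the struct is cleared first. */
struct error_report {
    uint32_t code;
    char     msg[16];
    uint8_t  reserved[8];
};

/* Branch-dependent initialization: `limit` is assigned in two of three
   paths. Any other input returns an indeterminate value (undefined
   behavior). Left in this form so that compiler warnings flag it; it is
   never called by the checks below. */
int parse_limit_uninitialized(const char *level) {
    int limit;                                   /* no initializer */
    if (strcmp(level, "low") == 0)       limit = 10;
    else if (strcmp(level, "high") == 0) limit = 1000;
    /* "medium" or anything unexpected: limit never assigned */
    return limit;
}

/* Hardened: a default set before the conditional covers every branch. */
int parse_limit(const char *level) {
    int limit = 100;                             /* defined on every path */
    if (strcmp(level, "low") == 0)       limit = 10;
    else if (strcmp(level, "high") == 0) limit = 1000;
    return limit;
}

/* Uninitialized form: only the fields the producer cares about are set;
   `reserved` and the tail of `msg` keep prior stack contents. */
void build_report_uninitialized(struct error_report *out, uint32_t code, const char *msg) {
    out->code = code;
    strncpy(out->msg, msg, sizeof out->msg - 1);
    out->msg[sizeof out->msg - 1] = '\0';
}

/* Hardened form: clear the whole resource, then fill it. The memset also
   guarantees the terminating NUL that strncpy may not write. */
void build_report(struct error_report *out, uint32_t code, const char *msg) {
    memset(out, 0, sizeof *out);
    out->code = code;
    strncpy(out->msg, msg, sizeof out->msg - 1);
}

/* Returns 1 if every byte outside the meaningful fields is zero, i.e. the
   record carries nothing the producer did not intend to send. */
int report_is_clean(const struct error_report *r) {
    size_t i;
    for (i = strlen(r->msg); i < sizeof r->msg; i++)
        if (r->msg[i] != 0) return 0;
    for (i = 0; i < sizeof r->reserved; i++)
        if (r->reserved[i] != 0) return 0;
    return 1;
}

/* Convenience check used by main and the tests: build a report the
   hardened way and verify it is clean. */
int hardened_report_is_clean(uint32_t code, const char *msg) {
    struct error_report r;
    build_report(&r, code, msg);
    return report_is_clean(&r);
}

int main(void) {
    printf("hardened report clean: %d\n", hardened_report_is_clean(404, "not found"));
    printf("limit for \"medium\": %d\n", parse_limit("medium"));
    return 0;
}
```

`build_report_uninitialized` is kept only for contrast; the same `report_is_clean` check run over its output on a stack that held data beforehand would typically return 0, which is exactly the leak the Confidentiality consequence describes.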

CVE References


  • CVE-2019-9805
    • Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
  • CVE-2008-4197
    • Use of uninitialized memory may allow code execution.
  • CVE-2008-2934
    • Free of an uninitialized pointer leads to crash and possible code execution.
  • CVE-2008-0063
    • Product does not clear memory contents when generating an error message, leading to information leak.
  • CVE-2008-0062
    • Lack of initialization triggers NULL pointer dereference or double-free.
  • CVE-2008-0081
    • Uninitialized variable leads to code execution in popular desktop application.
  • CVE-2008-3688
    • Chain: Uninitialized variable leads to infinite loop.
  • CVE-2008-3475
    • Chain: Improper initialization leads to memory corruption.
  • CVE-2005-1036
    • Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap.
  • CVE-2008-3597
    • Chain: Game server can access player data structures before initialization has happened, leading to NULL dereference.
  • CVE-2009-2692
    • Chain: Uninitialized function pointers can be dereferenced, allowing code execution.
  • CVE-2009-0949
    • Chain: Improper initialization of memory can lead to NULL dereference.
  • CVE-2009-3620
    • Chain: Some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference.

CWE-696 – Incorrect Behavior Order


Description

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:


Related Weaknesses

CWE-691


Consequences

Integrity: Alter Execution Logic


Potential Mitigations

CVE References


  • CVE-2019-9805
    • Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
  • CVE-2007-5191
    • File-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges.
  • CVE-2007-1588
    • C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended.