Tag Archives: CWE- 824

CWE-824 – Access of Uninitialized Pointer

Read Time:1 Minute, 54 Second

Description

The program accesses or uses a pointer that has not been initialized.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

CWE-119
CWE-119
CWE-119
CWE-119
CWE-125
CWE-787

 

Consequences

Confidentiality: Read Memory

If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.

Availability: DoS: Crash, Exit, or Restart

If the uninitialized pointer references a memory location that is not accessible to the program, or points to a location that is “malformed” (such as NULL) or larger than expected by a read or write operation, then a crash may occur.

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands

If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.

 

Potential Mitigations

CVE References

 

  • CVE-2010-0211
    • chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).
  • CVE-2009-2768
    • Pointer in structure is not initialized, leading to NULL pointer dereference (CWE-476) and system crash.
  • CVE-2009-1415
    • Improper handling of invalid signatures leads to free of invalid pointer.
  • CVE-2009-0846
    • Invalid encoding triggers free of uninitialized pointer.
  • CVE-2009-0040
    • Crafted PNG image leads to free of uninitialized pointer.
  • CVE-2008-2934
    • Crafted GIF image leads to free of uninitialized pointer.
  • CVE-2007-4682
    • Access of uninitialized pointer might lead to code execution.
  • CVE-2007-4639
    • Step-based manipulation: invocation of debugging function before the primary initialization function leads to access of an uninitialized pointer and code execution.
  • CVE-2007-4000
    • Unchecked return values can lead to a write to an uninitialized pointer.
  • CVE-2007-2442
    • zero-length input leads to free of uninitialized pointer.
  • CVE-2007-1213
    • Crafted font leads to uninitialized function pointer.
  • CVE-2006-6143
    • Uninitialized function pointer in freed memory is invoked
  • CVE-2006-4175
    • LDAP server mishandles malformed BER queries, leading to free of uninitialized memory
  • CVE-2006-0054
    • Firewall can crash with certain ICMP packets that trigger access of an uninitialized pointer.
  • CVE-2003-1201
    • LDAP server does not initialize members of structs, which leads to free of uninitialized pointer if an LDAP request fails.