Description
The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not. When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party. If security-critical decisions rely on a variable having a "0" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur. The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a crash or an exit in other environments.The weakness is introduced during Implementation, Operation stages.
Latest vulnerabilities for CWE-665
References
Description of CWE-665 on Mitre website