CWE-908: Use of Uninitialized Resource — known CVE vulnerabilities
CVEs classified under CWE-908 (Use of Uninitialized Resource), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-1942 — CVSS 9.8 (critical): When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string…
CVE-2024-47540 — CVSS 9.8 (critical): GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been…
CVE-2022-26437 — CVSS 9.8 (critical): In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no…
CVE-2021-45703 — CVSS 9.8 (critical): An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory…
CVE-2021-45693 — CVSS 9.8 (critical): An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized…
CVE-2021-45692 — CVSS 9.8 (critical): An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized…
CVE-2021-45691 — CVSS 9.8 (critical): An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory…
CVE-2021-45690 — CVSS 9.8 (critical): An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory…
CVE-2021-45689 — CVSS 9.8 (critical): An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory…
CVE-2021-45688 — CVSS 9.8 (critical): An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
CVE-2021-45686 — CVSS 9.8 (critical): An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory…
CVE-2021-45685 — CVSS 9.8 (critical): An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized…
CVE-2021-45684 — CVSS 9.8 (critical): An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.
CVE-2021-45683 — CVSS 9.8 (critical): An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.
CVE-2021-45682 — CVSS 9.8 (critical): An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.
CVE-2020-36514 — CVSS 9.8 (critical): An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.
CVE-2020-36513 — CVSS 9.8 (critical): An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
CVE-2020-36512 — CVSS 9.8 (critical): An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory…
CVE-2021-40418 — CVSS 9.8 (critical): When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property…
CVE-2021-1619 — CVSS 9.8 (critical): A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an…
CVE-2021-1104 — CVSS 9.8 (critical): The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead…
CVE-2020-36452 — CVSS 9.8 (critical): An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory.
CVE-2020-36443 — CVSS 9.8 (critical): An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read()…
CVE-2020-36432 — CVSS 9.8 (critical): An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().
CVE-2021-29937 — CVSS 9.8 (critical): An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call…
CVE-2021-29936 — CVSS 9.8 (critical): An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator…
CVE-2021-28035 — CVSS 9.8 (critical): An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory…
CVE-2021-28033 — CVSS 9.8 (critical): An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain…
CVE-2021-26305 — CVSS 9.8 (critical): An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain…
CVE-2020-35888 — CVSS 9.8 (critical): An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.
CVE-2019-14052 — CVSS 9.8 (critical): u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon…
CVE-2019-5067 — CVSS 9.8 (critical): An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially…
CVE-2019-12730 — CVSS 9.8 (critical): aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently…
CVE-2019-9805 — CVSS 9.8 (critical): A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential…
CVE-2019-9641 — CVSS 9.8 (critical): An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized…
CVE-2019-0006 — CVSS 9.8 (critical): A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager…
CVE-2015-8390 — CVSS 9.8 (critical): PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service…
CVE-2008-0081 — CVSS 9.8 (critical): Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote…
CVE-2015-5165 — CVSS 9.3 (critical): The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers…
CVE-2011-1998 — CVSS 9.3 (critical): Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by…
CVE-2011-1995 — CVSS 9.3 (critical): Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code…
CVE-2011-1964 — CVSS 9.3 (critical): Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code…
CVE-2011-1963 — CVSS 9.3 (critical): Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code…
CVE-2011-1266 — CVSS 9.3 (critical): The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in…
CVE-2011-1262 — CVSS 9.3 (critical): Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code…
CVE-2011-1261 — CVSS 9.3 (critical): Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code…
CVE-2011-1256 — CVSS 9.3 (critical): Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code…