CWE - CWE-456 - Missing Initialization of A Variable (4.14)

Uploaded by

vinaybhadeshiya6
Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


CWE-456: Missing Initialization of a Variable


Weakness ID: 456
Vulnerability Mapping: ALLOWED
Abstraction: Variant

Description
The product does not initialize critical variables, which causes the execution environment to use unexpected values.
Relationships
Relevant to the view "Research Concepts" (CWE-1000)
Nature      Type  ID   Name
ChildOf           909  Missing Initialization of Resource
CanPrecede        89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CanPrecede        98   Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CanPrecede        120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CanPrecede        457  Use of Uninitialized Variable

Relevant to the view "CISQ Quality Measures (2020)" (CWE-1305)


Relevant to the view "CISQ Data Protection Measures" (CWE-1340)
Memberships

Nature      Type  ID    Name
MemberOf          808   2010 Top 25 - Weaknesses On the Cusp
MemberOf          867   2011 Top 25 - Weaknesses On the Cusp
MemberOf          884   CWE Cross-section
MemberOf          998   SFP Secondary Cluster: Glitch in Computation
MemberOf          1129  CISQ Quality Measures (2016) - Reliability
MemberOf          1131  CISQ Quality Measures (2016) - Security
MemberOf          1167  SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)
MemberOf          1180  SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
MemberOf          1416  Comprehensive Categorization: Resource Lifecycle Management

Vulnerability Mapping Notes

Usage: ALLOWED (this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root
causes of vulnerabilities.
Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a
mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Notes
Relationship
This weakness is a major factor in a number of resultant weaknesses, especially in web applications that allow global
variable initialization (such as PHP) with libraries that can be directly requested.
Taxonomy Mappings

Mapped Taxonomy Name           Node ID        Fit                Mapped Node Name
PLOVER                                                           Missing Initialization
Software Fault Patterns        SFP1                              Glitch in computation
CERT C Secure Coding           ERR30-C        CWE More Abstract  Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
SEI CERT Perl Coding Standard  DCL04-PL       Exact              Always initialize local variables
SEI CERT Perl Coding Standard  DCL33-PL       Imprecise          Declare identifiers before using them
OMG ASCSM                      ASCSM-CWE-456
OMG ASCRM                      ASCRM-CWE-456
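
The ERR30-C mapping above is a concrete case of this weakness in which errno is the variable left uninitialized. The following is an added example, not part of the CWE entry; the function names and the port-parsing scenario are constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Weak form: errno is never initialized before strtol(), so a stale
 * ERANGE left behind by any earlier call is read as this call's failure. */
int parse_port_weak(const char *s, long *out)
{
    char *end;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)                 /* may be a leftover value */
        return -1;
    if (end == s || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = v;
    return 0;
}

/* Corrected form following ERR30-C: set errno to zero before the call and
 * consult it only when the return value itself indicates failure. */
int parse_port_checked(const char *s, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if ((v == LONG_MAX || v == LONG_MIN) && errno == ERANGE)
        return -1;
    if (end == s || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = v;
    return 0;
}

/* Constructed scenario: an unrelated conversion overflows first and leaves
 * errno == ERANGE; then the valid input "8080" is parsed. */
int stale_errno_demo(int use_checked)
{
    long port = 0;
    (void)strtol("99999999999999999999999999", NULL, 10);
    return use_checked ? parse_port_checked("8080", &port)
                       : parse_port_weak("8080", &port);
}

int main(void)
{
    printf("weak: %d, checked: %d\n", stale_errno_demo(0), stale_errno_demo(1));
    return 0;
}
```

The weak parser rejects valid input whenever an earlier call happened to leave errno set, which is the "unexpected value" the description refers to.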

Content History

Submissions
Submission Date                        Submitter  Organization
2006-07-19 (CWE Draft 3, 2006-07-19)   PLOVER
Modifications
Previous Entry Names