VYPR

CWE-457

Use of Uninitialized Variable

VariantDraftLikelihood: High

Description

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (75)

page 2 of 4
  • CVE-2026-9754MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command

  • CVE-2026-11268MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11141MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Audio in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11138MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11137MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11123MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11110MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11109MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11104MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11101MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11090MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11089MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11087MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11067MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11064MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11057MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11039MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11033MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10994MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10977MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)