sqc 0.4.13

Software Code Quality - CERT C compliance checker
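# Descriptive record for one CERT C rule. `id` is `category` followed by
# `number`.
[metadata]
id = "EXP33-C"
type = "rule"
category = "EXP"
number = 33
title = "Do not read uninitialized memory"
# NOTE(review): the source text read "specifies [ISO/IEC 9899:2024] Seeundefined
# behavior 11", so the sentence taken from the standard was lost and two words
# were fused. The sentence is restored below as a paraphrase; confirm the
# wording against the wiki page listed under [references].
description = """
Local, automatic variables assume unexpected values if they are read before they
are initialized. The C Standard, 6.7.11, paragraph 11 [ISO/IEC 9899:2024],
specifies that the representation of an object with automatic storage duration
is indeterminate if the object is not initialized explicitly. See undefined
behavior 11. When local, automatic variables are stored on the program stack,
for example, their values default to whichever values are currently stored in
stack memory.
"""
# CERT risk assessment. Priority is severity x likelihood x remediation cost,
# each scored 1-3. High (3) x Probable (2) gives P12 only with a Medium (2)
# remediation cost, which this file does not record. L1 is the band for
# P12-P27, the findings to fix first.
severity = "High"
likelihood = "Probable"
priority = "P12"
level = "L1"
# NOTE(review): the edition label says 2016, while the description cites
# ISO/IEC 9899:2024 and last_modified is in 2025. The text presumably tracks
# the live wiki rather than the 2016 print edition; confirm which one is meant.
cert_version = "2016 Edition (Wiki)"
last_modified = "Jul 02, 2025"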

# Per-rule switch for EXP33-C inside the cert_c rule set.
# NOTE(review): presumably read by sqc to turn the check on or off; confirm
# against the config loader. [metadata] rates this rule High severity / L1, so
# if the flag is ever set to false, record the reason next to it.
[rules.cert_c.EXP33-C]
enabled = true

# External references for EXP33-C: the CERT wiki page and the CWE entries
# associated with the rule.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory"
# NOTE(review): the list does not say which entries are direct mappings and
# which only partly overlap the rule. CWE-119, CWE-676 and CWE-123 cover far
# more than uninitialized reads; check the wiki's CERT-CWE mapping notes before
# using this list to filter or route findings.
cwe = [
    "CWE-456",  # Missing Initialization of a Variable
    "CWE-457",  # Use of Uninitialized Variable
    "CWE-758",  # Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
    "CWE-908",  # Use of Uninitialized Resource
    "CWE-119",  # Improper Restriction of Operations within the Bounds of a Memory Buffer
    "CWE-676",  # Use of Potentially Dangerous Function
    "CWE-665",  # Improper Initialization
    "CWE-123",  # Write-what-where Condition
    "CWE-824",  # Access of Uninitialized Pointer
]