diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowNodes.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowNodes.qll
index fe954c640d1b..51cc7430f62c 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowNodes.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowNodes.qll
@@ -617,6 +617,25 @@ module Public {
      */
     LocalVariable asUninitialized() { result = this.(UninitializedNode).getLocalVariable() }
 
+    /**
+     * Gets the uninitialized local variable corresponding to this node behind
+     * the given levels of indirection, if any.
+     */
+    LocalVariable asIndirectUninitialized(int indirectionIndex) {
+      exists(IndirectUninitializedNode indirectUninitializedNode |
+        this = indirectUninitializedNode and
+        indirectUninitializedNode.getIndirectionIndex() = indirectionIndex
+      |
+        result = indirectUninitializedNode.getLocalVariable()
+      )
+    }
+
+    /**
+     * Gets the uninitialized local variable corresponding to this node behind
+     * any levels of indirection, if any.
+     */
+    LocalVariable asIndirectUninitialized() { result = this.asIndirectUninitialized(_) }
+
     /**
      * Gets the positional parameter corresponding to the node that represents
      * the value of the parameter after `index` number of loads, if any. For
@@ -761,16 +780,13 @@ module Public {
     final override Type getType() { result = this.getPreUpdateNode().getType() }
   }
 
-  /**
-   * The value of an uninitialized local variable, viewed as a node in a data
-   * flow graph.
-   */
-  class UninitializedNode extends Node {
+  abstract private class AbstractUninitializedNode extends Node {
     LocalVariable v;
+    int indirectionIndex;
 
-    UninitializedNode() {
+    AbstractUninitializedNode() {
       exists(SsaImpl::Definition def, SsaImpl::SourceVariable sv |
-        def.getIndirectionIndex() = 0 and
+        def.getIndirectionIndex() = indirectionIndex and
         def.getValue().asInstruction() instanceof UninitializedInstruction and
         SsaImpl::defToNode(this, def, sv) and
         v = sv.getBaseVariable().(SsaImpl::BaseIRVariable).getIRVariable().getAst()
@@ -781,6 +797,28 @@ module Public {
     LocalVariable getLocalVariable() { result = v }
   }
 
+  /**
+   * The value of an uninitialized local variable, viewed as a node in a data
+   * flow graph.
+   */
+  class UninitializedNode extends AbstractUninitializedNode {
+    UninitializedNode() { indirectionIndex = 0 }
+  }
+
+  /**
+   * The value of an uninitialized local variable behind one or more levels of
+   * indirection, viewed as a node in a data flow graph.
+   *
+   * NOTE: For the direct value of the uninitialized local variable, see
+   * `UninitializedNode`.
+   */
+  class IndirectUninitializedNode extends AbstractUninitializedNode {
+    IndirectUninitializedNode() { indirectionIndex > 0 }
+
+    /** Gets the level of indirection to get to this node. */
+    int getIndirectionIndex() { result = indirectionIndex }
+  }
+
   /**
    * The value of a parameter at function entry, viewed as a node in a data
    * flow graph. This includes both explicit parameters such as `x` in `f(x)`