Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Status: Draft
Abstraction: Variant
Structure: Simple
Description

Using realloc() to resize buffers containing secrets like passwords or keys can leave that sensitive data exposed in memory, as the original data is not securely erased.

Extended Description

When a program uses realloc() to enlarge a memory block, the system often allocates a new, larger chunk of memory and copies the old data over. The original memory block, still containing your sensitive information, becomes inaccessible to your program but remains physically present in the heap. This creates a dangerous window where the uncleared secrets are left behind, ripe for inspection. An attacker exploiting this weakness could perform a heap inspection attack by reading the process's memory through a dump or debugger. Since your code lost the pointer to the old location, it cannot overwrite that data, leaving passwords, encryption keys, or other confidential details fully visible to the attacker. To prevent this, you must manually clear sensitive data from a buffer before resizing it or use secure, dedicated functions designed for zeroing memory.

Common Consequences
Scope: Confidentiality, Other

Impact: Read Memory, Other

Be careful using vfork() and fork() in security-sensitive code. The process state will not be cleaned up and will contain traces of data from past use.

Demonstrative Examples

ID: DX-148

The following code calls realloc() on a buffer containing sensitive data:

Code Example (Bad, C):
There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data.
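The pattern described above, as an added example that is not the CWE entry's own code: a buffer holding a secret is grown with realloc(), which may move the block and leave an uncleared copy behind, beside a hardened version that copies into a fresh allocation, scrubs the old block with volatile writes (a plain memset() immediately before free() can be dropped by the optimizer), and only then releases it. The function names and the sample secret are assumptions constructed for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Wipe a region with volatile writes so the compiler cannot drop the stores
 * as dead just because the buffer is freed right afterwards. */
void secure_zero(void *p, size_t len) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--) *vp++ = 0;
}

/* Vulnerable pattern from the example above: realloc() may move the block,
 * leaving an uncleared copy of the secret behind with nothing pointing at it. */
char *grow_secret_unsafe(char *secret, size_t new_len) {
    return realloc(secret, new_len);   /* old bytes are never scrubbed */
}

/* Hardened pattern: allocate, copy, scrub the old block, then release it.
 * The caller tracks old_len because the allocator does not expose it. */
char *grow_secret_safe(char *secret, size_t old_len, size_t new_len) {
    char *fresh = malloc(new_len);
    if (fresh == NULL) return NULL;    /* caller still owns secret */
    memcpy(fresh, secret, old_len < new_len ? old_len : new_len);
    secure_zero(secret, old_len);      /* wipe before the block leaves our control */
    free(secret);
    return fresh;
}

/* Returns 1 if every byte of buf is zero. */
int all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Self-check: the secret survives the move and the scrub really zeroes memory. */
int demo_secure_grow(void) {
    const char secret[] = "constructed-secret";   /* constructed sample value */
    unsigned char local[sizeof secret];
    char *buf = calloc(1, 32);
    if (buf == NULL) return 0;
    memcpy(buf, secret, sizeof secret);
    char *bigger = grow_secret_safe(buf, 32, 128);
    if (bigger == NULL) { secure_zero(buf, 32); free(buf); return 0; }
    int ok = memcmp(bigger, secret, sizeof secret) == 0;
    memcpy(local, secret, sizeof secret);
    secure_zero(local, sizeof local);
    secure_zero(bigger, 128);          /* the copy is a secret too */
    free(bigger);
    return ok && all_zero(local, sizeof local);
}
```

Where the platform offers a dedicated primitive (explicit_bzero(), memset_s()), prefer it over the hand-rolled volatile loop; the structure of grow_secret_safe() stays the same.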
Observed Examples
CVE-2019-3733: Cryptography library does not clear heap memory before release
References
[REF-6] Katrina Tsipenyuk, Brian Chess, and Gary McGraw. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". NIST Workshop on Software Security Assurance Tools, Techniques and Metrics, NIST, 07-11-2005.
Applicable Platforms
Languages:
  • C (Undetermined)
  • C++ (Undetermined)
Modes of Introduction
Implementation
Functional Areas
  1. Memory Management
Affected Resources
  1. Memory
Taxonomy Mapping
  • 7 Pernicious Kingdoms
  • CERT C Secure Coding
  • Software Fault Patterns