CWE - CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') (2.1)

Home > CWE List > CWE- Individual Dictionary Definition (2.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Weakness ID: 244 (Weakness Variant)

Status: Draft

Description

Description Summary

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

Extended Description

When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a "heap inspection" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.

Time of Introduction

Implementation

Applicable Platforms

Languages

C++

Common Consequences

Scope	Effect
Confidentiality Other	Technical Impact: Read memory; Other Be careful using vfork() and fork() in security sensitive code. The process state will not be cleaned up and will contain traces of data from past use.

Demonstrative Examples

Example 1

The following code calls realloc() on a buffer containing sensitive data:

(Bad Code)

Example Language: C

cleartext_buffer = get_secret();...

cleartext_buffer = realloc(cleartext_buffer, 1024);

...

scrub_memory(cleartext_buffer, 1024);

There is an attempt to scrub the sensitive data from memory, but realloc() is used, so a copy of the data can still be exposed in the memory originally allocated for cleartext_buffer.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Base	226	Sensitive Information Uncleared Before Release	Research Concepts (primary)1000
ChildOf	Weakness Class	227	Improper Fulfillment of API Contract ('API Abuse')	Development Concepts (primary)699 Seven Pernicious Kingdoms (primary)700
ChildOf	Category	633	Weaknesses that Affect Memory	Resource-specific Weaknesses (primary)631
ChildOf	Category	742	CERT C Secure Coding Section 08 - Memory Management (MEM)	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOf	Category	876	CERT C++ Secure Coding Section 08 - Memory Management (MEM)	Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)868
CanPrecede	Weakness Class	669	Incorrect Resource Transfer Between Spheres	Research Concepts1000
MemberOf	View	630	Weaknesses Examined by SAMATE	Weaknesses Examined by SAMATE (primary)630

Affected Resources

Memory

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Mapped Node Name
7 Pernicious Kingdoms		Heap Inspection
CERT C Secure Coding	MEM03-C	Clear sensitive information stored in reusable resources returned for reuse
CERT C++ Secure Coding	MEM03-CPP	Clear sensitive information stored in returned reusable resources

White Box Definitions

A weakness where code path has:

1. start statement that stores information in a buffer

2. end statement that resize the buffer and

3. path does not contain statement that performs cleaning of the buffer

Content History

Submissions
Submission Date	Submitter	Organization	Source
	7 Pernicious Kingdoms		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-08-01		KDM Analytics	External
2008-08-01	added/updated white box definitions
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable_Platforms, Name, Relationships, Other_Notes, Taxonomy_Mappings
2008-10-14	CWE Content Team	MITRE	Internal
2008-10-14	updated Relationships
2008-11-24	CWE Content Team	MITRE	Internal
2008-11-24	updated Relationships, Taxonomy_Mappings
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Demonstrative_Examples, Name
2009-10-29	CWE Content Team	MITRE	Internal
2009-10-29	updated Common_Consequences, Description, Other_Notes
2010-12-13	CWE Content Team	MITRE	Internal
2010-12-13	updated Name
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences
2011-09-13	CWE Content Team	MITRE	Internal
2011-09-13	updated Relationships, Taxonomy_Mappings
Previous Entry Names
Change Date	Previous Entry Name
2008-04-11	Heap Inspection

2008-09-09	Failure to Clear Heap Memory Before Release

2009-05-27	Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')

2010-12-13	Failure to Clear Heap Memory Before Release ('Heap Inspection')

Page Last Updated: September 12, 2011


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us