DerScanner
Home / Vulnerability Database / C or C++ : Privacy violation from a memory dump
C/C++

C or C++ : Privacy violation from a memory dump

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic Failures
OWASP MASVS
V2: 2.10.(L2/L2+R)V7: 7.8.(L1/L2/L1+R/L2+R)
PCI DSS 4.0
3.3.1
HIPAA
§164.312 (a)(1)
CWE
CWE-244CWE-312CWE-359CWE-1032

Overview

Some functions to work with the heap, for example realloc() can make sensitive data available to an attacker.

If valuable data (passwords, credit card numbers, etc.) is not deleted from memory immediately after use, leak is possible.

References

  1. OWASP Top 10 2017-A3-Sensitive Data Exposure
  2. OWASP Top 10 2013-A6-Sensitive Data Exposure
  3. CWE-359: Exposure of Private Information (‘Privacy Violation’)
  4. realloc - cppreference.com
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  6. CWE-244
  7. CWE-312
MEDIUM

DerScanner Severity Score

Do you want to fix C or C++ : Privacy violation from a memory dump in your application?

See also

C/C++

C or C++ : Dead store

C/C++

C or C++ : Use after free

C/C++

C or C++ : va_list uninitialized