Swift : Privacy violation (Unmanaged memory usage)
Classification
OWASP Top 10 2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP MASVS
PCI DSS 4.0
HIPAA
Overview
The software cannot delete the contents of a String object from memory, so sensitive data may leak.
If sensitive data (passwords, credit card numbers, etc.) is not deleted from memory immediately after use, it can leak. String objects are immutable; their values can only be removed by the garbage collector. The garbage collector does not run until the virtual machine runs out of memory. A memory dump created during an emergency stop of the process may contain confidential information.
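One way to keep a secret out of a String, shown as an added example (not code from this page or from DerScanner): hold the bytes in a buffer the code owns and overwrite it after use. The names SecretBytes, matches and zero are hypothetical, and memset_s is assumed to be available through Foundation, as on Apple platforms.

```swift
import Foundation

// Added example; SecretBytes, matches and zero are hypothetical names.
// Assumes an Apple platform, where Foundation exposes memset_s.
final class SecretBytes {
    private let storage: UnsafeMutableRawBufferPointer

    // Copies the bytes into memory this object owns. The caller's array is
    // a separate copy and must be cleared by the caller (see zero below).
    init(copying bytes: [UInt8]) {
        storage = UnsafeMutableRawBufferPointer.allocate(byteCount: bytes.count, alignment: 1)
        storage.copyBytes(from: bytes)
    }

    // Compares against a candidate without ever building a String and
    // without stopping at the first differing byte.
    func matches(_ candidate: [UInt8]) -> Bool {
        guard candidate.count == storage.count else { return false }
        var diff: UInt8 = 0
        for i in 0..<storage.count { diff |= storage[i] ^ candidate[i] }
        return diff == 0
    }

    // Overwrites the buffer. memset_s is specified so that the call is not
    // optimised away, unlike a plain store loop right before deallocation.
    func wipe() {
        guard let base = storage.baseAddress, storage.count > 0 else { return }
        _ = memset_s(base, storage.count, 0, storage.count)
    }

    deinit {
        wipe()
        storage.deallocate()
    }
}

// Clears a caller-held byte array in place.
func zero(_ bytes: inout [UInt8]) {
    bytes.withUnsafeMutableBytes { (buf: UnsafeMutableRawBufferPointer) -> Void in
        guard let base = buf.baseAddress else { return }
        _ = memset_s(base, buf.count, 0, buf.count)
    }
}

// Constructed sample input; real code fills the array from its input source.
var typed: [UInt8] = [0x31, 0x39, 0x38, 0x34]
let secret = SecretBytes(copying: typed)
zero(&typed)                                // caller's copy is cleared
print(secret.matches([0x31, 0x39, 0x38, 0x34]))
secret.wipe()                               // secret is cleared after use
```

Any String, Data or array copy made from the same secret elsewhere in the program is outside this buffer and is not cleared by wipe().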
References
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- CWE-359: Exposure of Private Information (‘Privacy Violation’)
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- CWE CATEGORY: OWASP Top 10 2017 Category A6 - Security Misconfiguration
- CWE-244: Improper Clearing of Heap Memory Before Release (‘Heap Inspection’)
- CWE-312: Cleartext Storage of Sensitive Information
DerScanner Severity Score: MEDIUM
