CWE-244 19 個 CVE MITRE 定義 ↗

CWE-244:Improper Clearing of Heap Memory Before Release ('Heap Inspection')

概覽

CWE-244(Improper Clearing of Heap Memory Before Release ('Heap Inspection'))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

適用平台

類型 名稱 普遍性 OS / CPE
language Memory-Unsafe Undetermined
language C Undetermined
language C++ Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-70873 2026-03-12 An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
CVE-2026-20039 2026-03-04 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote…
CVE-2025-33101 2026-02-17 IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.
CVE-2025-1722 2026-01-20 IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
CVE-2025-1719 2026-01-20 IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
CVE-2025-1721 2025-12-26 IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
CVE-2025-36118 2025-11-17 IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
CVE-2025-45663 2025-11-03 An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
CVE-2025-36083 2025-10-28 IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.
CVE-2025-1759 2025-08-18 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
CVE-2025-33013 2025-07-24 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose …
CVE-2025-5105 2025-05-23 A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to im…
CVE-2025-26305 2025-02-20 A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
CVE-2025-26304 2025-02-20 A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.
CVE-2023-20070 2023-11-01 A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly…
CVE-2023-20031 2023-11-01 A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause …
CVE-2023-20177 2023-11-01 A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detecti…
CVE-2022-20943 2022-11-15 Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the c…
CVE-2022-20922 2022-11-15 Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the c…

曾用名

  • Heap Inspection (2008-04-11)
  • Failure to Clear Heap Memory Before Release (2008-09-09)
  • Failure to Clear Heap Memory Before Release (aka 'Heap Inspection') (2009-05-27)
  • Failure to Clear Heap Memory Before Release ('Heap Inspection') (2010-12-13)

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Name, Relationships, Other_Notes, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Relationships
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Demonstrative_Examples, Name
2009-10-29 CWE Content Team 1.6 updated Common_Consequences, Description, Other_Notes
2010-12-13 CWE Content Team 1.11 updated Name
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Relationships, Taxonomy_Mappings, White_Box_Definitions
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2021-10-28 CWE Content Team 4.6 updated Demonstrative_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Observed_Examples
2025-09-09 CWE Content Team 4.18 updated Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence