CWE-226: Sensitive Information in Resource Not Removed Before Reuse
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
常见后果
影响范围: Confidentiality
技术影响: Read Application Data
潜在缓解措施
阶段: Architecture and Design Implementation
描述: During critical state transitions, information not needed in the next state should be removed or overwritten with fixed patterns (such as all 0's) or random data, before the transition to the next state.
有效性: High
阶段: Architecture and Design Implementation
描述: When releasing, de-allocating, or deleting a resource, overwrite its data and relevant metadata with fixed patterns or random data. Be cautious about complex resource types whose underlying representation might be non-contiguous or change at a low level, such as how a file might be split into different chunks on a file system, even though "logical" file positions are contiguous at the application layer. Such resource types might require invocation of special modes or APIs to tell the underlying operating system to perform the necessary clearing, such as SDelete (Secure Delete) on Windows, although the appropriate functionality might not be available at the application layer.
有效性: High
检测方法
方法: Manual Analysis
Write a known pattern into each sensitive location. Trigger the release of the resource or cause the desired state transition to occur. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the product needs to be fixed. Note that this test can likely be automated.
有效性: High
方法: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
有效性: High
观察示例
参考: CVE-2019-3733
Cryptography library does not clear heap memory before release
参考: CVE-2003-0001
Ethernet NIC drivers do not pad frames with null bytes, leading to infoleak from malformed packets.
参考: CVE-2003-0291
router does not clear information from DHCP packets that have been previously used
参考: CVE-2005-1406
Products do not fully clear memory buffers when less data is stored into the buffer than previous.
参考: CVE-2005-1858
Products do not fully clear memory buffers when less data is stored into the buffer than previous.
参考: CVE-2005-3180
Products do not fully clear memory buffers when less data is stored into the buffer than previous.
参考: CVE-2005-3276
Product does not clear a data structure before writing to part of it, yielding information leak of previously used memory.
参考: CVE-2002-2077
Memory not properly cleared before reuse.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Sensitive Information Uncleared Before Use | - |
| CERT C Secure Coding | MEM03-C | Clear sensitive information stored in reusable resources returned for reuse | - |
| Software Fault Patterns | SFP23 | Exposed Data | - |