Page History

This type of defect can lead to information leakage as is stateddescribed in Rule: [MEM33-C. Do not assume memory allocation routines initialize memory]. Other attacks, such as _heap inspection_ \[[vulncat|http://vulncat.fortifysoftware.com/2/HI.html] and [samate|http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf]\] can also occur. To prevent other information leakage and heap inspection it is necessary to clear sensitive information from dynamically allocated buffers before they are freed.