Calling free() on a block of dynamic memory marks that memory for deallocation. Once deallocated, the block of memory is made available for future allocation. However, the data stored in the block of memory to be recycled may be preserved. If this memory block contains sensitive information, that information may be unintentionally exposed.

This scenario can lead to information leakage; for instance, as described in Rule: MEM33-C. Do not assume memory allocation routines initialize memory. Attackers may also be able to leverage this defect to retrieve sensitive information using techniques such as heap inspection.
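One way to clear a block before it is returned to the allocator, as an added example that is not part of the original page. The helper names `secure_clear`, `secure_free`, `residual_bytes` and `demo_scrub`, and the sample secret, are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Zero len bytes through a volatile pointer so the compiler cannot
 * discard the stores as dead writes just before free(). */
void secure_clear(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical helper: scrub the block, then hand it back to the allocator. */
void secure_free(void *buf, size_t len)
{
    if (buf == NULL)
        return;
    secure_clear(buf, len);
    free(buf);
}

/* Number of bytes in buf that are still non-zero. */
size_t residual_bytes(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Constructed demo: copy a sample secret to the heap, scrub it, and report
 * how many secret bytes remain. Returns (size_t)-1 if allocation fails. */
size_t demo_scrub(void)
{
    static const char secret[] = "constructed-sample-password";
    char *copy = malloc(sizeof secret);
    if (copy == NULL)
        return (size_t)-1;
    memcpy(copy, secret, sizeof secret);
    secure_clear(copy, sizeof secret);       /* scrub while we still own it */
    size_t left = residual_bytes(copy, sizeof secret);
    free(copy);                              /* nothing sensitive is recycled */
    return left;
}

int main(void)
{
    printf("residual bytes after scrub: %zu\n", demo_scrub());
    return 0;
}
```

Where the platform provides `memset_s` (C11 Annex K) or `explicit_bzero`, those can replace the volatile loop in `secure_clear`.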

...