sqc 0.4.13

Software Code Quality - CERT C compliance checker
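# Catalogue entry for CERT C recommendation MEM03-C: scrub secrets (keys,
# passwords, tokens) from memory and other reusable resources before release.
[metadata]
id = "MEM03-C"
type = "recommendation"
category = "MEM"
number = 3
title = "Clear sensitive information stored in reusable resources"
# The list of example resources had been dropped from the second sentence,
# leaving "include The manner"; it is restored here from the upstream text.
# Reviewer caveat, not part of the upstream summary: a plain memset() before
# free() may be removed by the optimizer as a dead store (see MSC06-C). Prefer
# memset_s, explicit_bzero or SecureZeroMemory where the platform has them.
description = """
Sensitive data stored in reusable resources may be inadvertently leaked to a
less privileged user or attacker if not properly cleared. Examples of reusable
resources include dynamically allocated memory, statically allocated memory,
automatically allocated (stack) memory, memory caches, disk, and disk caches.
The manner in which sensitive information can be properly cleared varies
depending on the resource type and platform. Dynamic memory managers are not
required to clear freed memory and generally do not because of the additional
runtime overhead. Furthermore, dynamic memory managers are free to reallocate
this same memory. As a result, it is possible to accidentally leak sensitive
information if it is not cleared before calling a function that frees dynamic
memory. Programmers also cannot rely on memory being cleared during
allocation.
"""
# CERT risk-assessment fields. In CERT's scheme level L3 covers priorities
# P1-P4, so priority and level agree with each other.
# NOTE(review): confirm all four values against the wiki's risk-assessment
# table whenever last_modified is bumped.
severity = "Medium"
likelihood = "Unlikely"
priority = "P4"
level = "L3"
cert_version = "2016 Edition (Wiki)"
# Kept as a display string rather than a TOML date.
# NOTE(review): presumably the consumer expects a string here; confirm before
# converting.
last_modified = "Aug 31, 2025"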

# Per-rule switch for the MEM03-C check.
# NOTE(review): presumably `false` suppresses findings for this rule; confirm
# against the checker's configuration handling.
[rules.cert_c.MEM03-C]
enabled = true

# Upstream sources for this entry.
[references]
# SEI CERT C wiki page for the recommendation (compliant and noncompliant examples).
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources"
# CWE-226: Sensitive Information in Resource Not Removed Before Reuse
# CWE-244: Improper Clearing of Heap Memory Before Release ("Heap Inspection")
cwe = ["CWE-226", "CWE-244"]