CVE-2025-64429: Cpp Ub Clearing String Data
Attempting to erase sensitive data by casting away constness on `.data()` and calling a memory clearing function invokes undefined behavior. It can result in the memory not being modified or the operation being optimized out, leaving sensitive data in memory. Use `&(*str)[0]` or a secure erasure function instead.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
C++β
C++βgreprules fetch cve-2025-64429-cpp-ub-clearing-string-data --engine opengrepDescription
Attempting to erase sensitive data by casting away constness on `.data()` and calling a memory clearing function invokes undefined behavior. It can result in the memory not being modified or the operation being optimized out, leaving sensitive data in memory. Use `&(*str)[0]` or a secure erasure function instead.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0