Improper Clearing of Heap Memory Before Release ('Heap Inspection')

CVE-2025-33101

Medium

5.9/10

Summary

IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

References

Advisory Timeline

Published Feb 17, 2026

Improper Clearing of Heap Memory Before Release ('Heap Inspection')

CVE-2025-33101

Summary

CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS