Improper Clearing of Heap Memory Before Release ('Heap Inspection')

CVE-2025-45663

Medium

6.5/10

Summary

An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

References

Advisory Timeline

Published Nov 03, 2025

Improper Clearing of Heap Memory Before Release ('Heap Inspection')

CVE-2025-45663

Summary

CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS