| Originally the buffer allocated by [[Applet_Manager_services#CreateStorage|CreateStorage]] using the specified input size was not cleared. With [8.0.0+] this was fixed by adding a memset() for the buffer after successful allocation.
+
+
Hence, IStorage->IStorageAccessor->Read will return uninitialized memory when the Write cmd was not previously used with the specified region.
+
| Infoleak from the main [[Applet_Manager_services#IStorage|AM]] heap, allowing defeating ASLR by reading addresses from previously allocated objects.
+
| [[8.0.0]]
+
| [[8.1.0]]
+
| December 2018
+
| August 9, 2019
+
| [[User:Yellows8|yellows8]]
|-
|-
| Out-of-bounds array read for [[BCAT_Content_Container]] secret-data index
| Out-of-bounds array read for [[BCAT_Content_Container]] secret-data index