CWE-14: Compiler Removal of Code to Clear Buffers

VariantDraft

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

View on MITRE

Back to CWE Lookup

Extended Description

This compiler optimization error occurs when: Secret data are stored in memory. The secret data are scrubbed from memory by overwriting its contents. The source code is compiled using an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently.

Technical Details

Structure: Simple

Applicable To

Languages

CC++

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-14

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references