VariantDraft

CWE-14Compiler Removal of Code to Clear Buffers

Category: memory

Description

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

Common consequences· 1

  • Confidentiality / Access Control — Read Memory, Bypass Protection Mechanism
    This weakness will allow data that has not been cleared from memory to be read. If this data contains sensitive password information, then an attacker can read the password and use the information to bypass protection mechanisms.

Potential mitigations· 3

  • [Implementation]Store the sensitive data in a "volatile" memory location if available.
  • [Build and Compilation]If possible, configure your compiler so that it does not remove dead stores.
  • [Architecture and Design]Where possible, encrypt sensitive data that are used by a software system.

References

  1. https://cwe.mitre.org/data/definitions/14.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Compiler Optimization Removal or Modification of Security-critical Code
CWE
Processor Optimization Removal or Modification of Security-critical Code
CWE
Buffer Under-read
CWE
Dead Code
CWE
Access of Memory Location After End of Buffer
CWE
Buffer Over-read
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.