CVEbaza.plSłownik CWECWE-14
Common Weakness Enumeration

CWE-14

Compiler Removal of Code to Clear Buffers

Kategoria: VariantCVE: 10
Opis

Wrażliwa pamięć jest czyszczona zgodnie z kodem źródłowym, jednak optymalizacje kompilatora pozostawiają pamięć nietknięta, gdy nie jest z niej więcej odczytywana, tzw. "usunięcie martwych przypisań". Może to prowadzić do ujawnienia poufnych danych pozostałych w pamięci.

Description (EN)

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

Podatności CVE z CWE-14 (10)
6.2
CVSS
MEDIUM
CVE-2025-64646

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

pub. 2026-03-25
5.3
CVSS
MEDIUM
CVE-2023-1132

Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
5.3
CVSS
MEDIUM
CVE-2023-2481

Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
5.3
CVSS
MEDIUM
CVE-2023-32098

Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
5.3
CVSS
MEDIUM
CVE-2023-32099

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
5.3
CVSS
MEDIUM
CVE-2023-32100

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
4.7
CVSS
MEDIUM
CVE-2026-48984

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree() memory release helper in calls free() without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read from disk — without clearing, leaving the sensitive content in freed heap memory until it happens to be overwritten by a subsequent allocation. On a system where a use-after-free condition exists, or where a heap inspection primitive becomes available, this could allow recovery of pad values or other authentication material from freed memory regions. This is a defence-in-depth requirement consistent with prior hardening work in this codebase (GHSA-vx6f-rrqr-j87c applied explicit_bzero to some pad paths; this issue generalises the pattern to the central deallocation helper).

pub. 2026-06-18
3.1
CVSS
LOW
CVE-2023-0965

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
3.1
CVSS
LOW
CVE-2023-32096

Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
3.1
CVSS
LOW
CVE-2023-32097

Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

pub. 2023-05-18
Informacje
ID: CWE-14
Typ: Variant
Podatności: 10
MITRE CWE ↗
← Słownik CWE