Variant weakness

Draft

CWE-14: Compiler Removal of Code to Clear Buffers

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

This compiler optimization error occurs when: Secret data are stored in memory. The secret data are scrubbed from memory by overwriting its contents. The source code is compiled using an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently.

CWE-14: Compiler Removal of Code to Clear Buffers

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Black Box

White Box

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-14?

What CVEs are caused by CWE-14?

Is CWE-14 part of the OWASP Top 10?

How do you prevent CWE-14?

How is CWE-14 detected?

What are the consequences of CWE-14?

Is CWE-14 actively exploited?

References

Stay ahead of CWE-14

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Black Box

White Box

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-14?

What CVEs are caused by CWE-14?

Is CWE-14 part of the OWASP Top 10?

How do you prevent CWE-14?

How is CWE-14 detected?

What are the consequences of CWE-14?

Is CWE-14 actively exploited?

References

Stay ahead of CWE-14