CWE-14VariantDraft
Compiler Removal of Code to Clear Buffers
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
Open in catalog with CWE filter →Related CAPECs
—
Related vulnerabilities
CVE-2023-32100
Compiler removal of buffer clearing in
sli_se_driver_mac_compute
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32099
Compiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32098
Compiler removal of buffer clearing in
sli_se_sign_message
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32097
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32096
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-2481
Compiler removal of buffer clearing in
sli_se_opaque_import_key
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-1132
Compiler removal of buffer clearing in
sli_se_driver_key_agreement
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-0965
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2025-64646IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.