CWE-1038

Insecure Automated Optimizations

Class
Draft

Description

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

Common Consequences

Scope: Integrity

Impact: Alter Execution Logic

CVE-2017-5715

Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".

CVE-2008-1685

C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.
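
The C example below is added here to illustrate the CVE-2008-1685 pattern and is not code from the CWE entry or from any affected project. It places an overflow check that a compiler is allowed to delete beside a form that survives optimization. The function names and the offset/length scenario are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile form: detects overflow after the fact by testing for wraparound.
 * Signed overflow is undefined behaviour in C, so an optimizing compiler may
 * assume offset + len never wraps, conclude the comparison is always false
 * once len >= 0 is known, and remove the branch. */
bool fits_fragile(int offset, int len)
{
    if (offset < 0 || len < 0)
        return false;
    if (offset + len < offset)      /* may be optimized away */
        return false;
    return true;
}

/* Robust form: compares against the limit before doing any arithmetic.
 * No overflow can occur, so there is no undefined behaviour for the
 * optimizer to exploit and the check stays in the generated code. */
bool fits_checked(int offset, int len)
{
    if (offset < 0 || len < 0)
        return false;
    if (len > INT_MAX - offset)     /* offset + len would exceed INT_MAX */
        return false;
    return true;
}

int main(void)
{
    /* Constructed inputs: the second pair would overflow a signed int. */
    printf("checked(10, 20)      = %d\n", fits_checked(10, 20));
    printf("checked(INT_MAX, 1)  = %d\n", fits_checked(INT_MAX, 1));

    /* Undefined behaviour: the printed value depends on the compiler and
     * optimization level, which is exactly the weakness being shown. */
    printf("fragile(INT_MAX, 1)  = %d\n", fits_fragile(INT_MAX, 1));
    return 0;
}
```

Comparing the disassembly of `fits_fragile` at different optimization levels shows whether the second branch is still present in a given build.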

Applicable Platforms

Not Language-Specific
