CWE-14
Compiler Removal of Code to Clear Buffers
Description
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
This compiler optimization error occurs when:
1. Secret data are stored in memory.
2. The secret data are scrubbed from memory by overwriting its contents.
3. The source code is compiled using an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Memory, Bypass Protection Mechanism
Potential Mitigations
Store the sensitive data in a "volatile" memory location if available.
If possible, configure your compiler so that it does not remove dead stores.
Where possible, encrypt sensitive data that are used by a software system.
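The three-step pattern from the description, next to a scrub that applies the "volatile" mitigation, as an added example that is not part of the original entry. The names secure_wipe, digest, use_secret_weak and use_secret_hardened and the sample secret are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libc function): every store goes through a
 * volatile-qualified pointer, so the optimizer keeps each write instead
 * of discarding the loop as a dead store. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Constructed stand-in for the real work done with the secret. */
static unsigned digest(const char *s)
{
    unsigned h = 5381;
    while (*s)
        h = h * 33u + (unsigned char)*s++;
    return h;
}

/* Weak form: pwd is never read after memset(), so an optimizing build
 * may delete the call and leave the secret on the stack. */
static unsigned use_secret_weak(const char *secret)
{
    char pwd[64];
    snprintf(pwd, sizeof pwd, "%s", secret);
    unsigned h = digest(pwd);
    memset(pwd, 0, sizeof pwd);      /* candidate for dead store removal */
    return h;
}

/* Hardened form: same logic, but the scrub survives optimization. */
static unsigned use_secret_hardened(const char *secret)
{
    char pwd[64];
    snprintf(pwd, sizeof pwd, "%s", secret);
    unsigned h = digest(pwd);
    secure_wipe(pwd, sizeof pwd);
    return h;
}

int main(void)
{
    const char *sample = "constructed-sample-secret";  /* constructed input */
    printf("%u %u\n", use_secret_weak(sample), use_secret_hardened(sample));
    return 0;
}
```

To check a given build, compile with optimization enabled and inspect the generated assembly of both functions for the zeroing stores before the return.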
Applicable Platforms