CWE-14— Compiler Removal of Code to Clear Buffers
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."— MITRE CWE catalog
9 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-14page 1 of 1
- CVE-2023-0965LOWCVSS 3.1EG 3.12023-05-18
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-1132MEDIUMCVSS 5.3EG 5.32023-05-18
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-2481MEDIUMCVSS 5.3EG 5.32023-05-18
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-32096LOWCVSS 3.1EG 3.12023-05-18
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-32097LOWCVSS 3.1EG 3.12023-05-18
Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-32098MEDIUMCVSS 5.3EG 5.32023-05-18
Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-32099MEDIUMCVSS 5.3EG 5.32023-05-18
Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2023-32100MEDIUMCVSS 5.3EG 5.32023-05-18
Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
- CVE-2026-48984MEDIUMCVSS 4.7EG 4.72026-06-18
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree() memory release helper in calls free() without first zeroing the buffer contents, releasing heap-allocated buffers c…
Map vulnerabilities like CWE-14 to your infrastructure
EchelonGraph correlates every CVE — across CWE-14 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →