CWE-14
Compiler Removal of Code to Clear Buffers
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
Mitigation
Phase: Implementation
Description:
- Store the sensitive data in a "volatile" memory location if available.
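The weak clearing pattern next to a clear done through a volatile-qualified pointer, as an added example that is not part of the CWE entry. The names `secure_clear`, `use_key_weak`, `use_key_hardened`, `fold`, `count_nonzero` and `KEY_LEN` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32  /* constructed size for the example */

/* Hypothetical helper: writes go through a volatile-qualified pointer, so
 * each store counts as a side effect that compilers do not eliminate. */
void secure_clear(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Stand-in for real work done with the secret. */
static unsigned fold(const unsigned char *k, size_t n)
{
    unsigned acc = 0;
    for (size_t i = 0; i < n; i++) acc = acc * 31u + k[i];
    return acc;
}

/* Weak: key is never read after memset(), so the call is a dead store that
 * an optimizing build may delete, leaving the key on the stack. */
unsigned use_key_weak(const unsigned char *src)
{
    unsigned char key[KEY_LEN];
    memcpy(key, src, KEY_LEN);
    unsigned tag = fold(key, KEY_LEN);
    memset(key, 0, KEY_LEN);
    return tag;
}

/* Hardened: same logic, but the buffer is cleared with volatile stores. */
unsigned use_key_hardened(const unsigned char *src)
{
    unsigned char key[KEY_LEN];
    memcpy(key, src, KEY_LEN);
    unsigned tag = fold(key, KEY_LEN);
    secure_clear(key, KEY_LEN);
    return tag;
}

/* Counts bytes that are still nonzero; used to check a clear. */
size_t count_nonzero(const unsigned char *b, size_t n)
{
    size_t c = 0;
    while (n--) c += (*b++ != 0);
    return c;
}
```

Both functions return the same value, so the difference is only visible in the generated code: build with optimization enabled and check the assembly of `use_key_weak` to see whether the `memset` survived.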
Mitigation
Phase: Build and Compilation
Description:
- If possible, configure your compiler so that it does not remove dead stores.
Mitigation
Phase: Architecture and Design
Description:
- Where possible, encrypt sensitive data that are used by a software system.
No CAPEC attack patterns related to this CWE.