Common Weakness Enumeration

CWE-14

Allowed

Compiler Removal of Code to Clear Buffers

Abstraction: Variant · Status: Draft

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

19 vulnerabilities reference this CWE, most recent first.

GHSA-47WF-487J-MCRR

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_decrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_decrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-47wf-487j-mcrr",
  "modified": "2024-04-04T04:14:33Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32097"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HCP-Q563-CM49

Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30
VLAI
Details

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T21:16:25Z",
    "severity": "MODERATE"
  },
  "details": "IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.",
  "id": "GHSA-6hcp-q563-cm49",
  "modified": "2026-03-25T21:30:36Z",
  "published": "2026-03-25T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64646"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7267105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V3W-V77M-PG5C

Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2024-04-04 05:44
VLAI
Details

Compiler removal of buffer clearing in

sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_hash\u00a0in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-8v3w-v77m-pg5c",
  "modified": "2024-04-04T05:44:29Z",
  "published": "2023-07-06T21:14:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32099"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C5MM-QW5V-HXGQ

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in

sli_se_driver_key_agreement

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_key_agreement\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-c5mm-qw5v-hxgq",
  "modified": "2024-04-04T04:14:29Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1132"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7HM-82X6-P838

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-g7hm-82x6-p838",
  "modified": "2024-04-04T04:14:26Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0965"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCMP-2WVJ-R4F4

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in

sli_se_driver_mac_compute

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_mac_compute\n\nin Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-gcmp-2wvj-r4f4",
  "modified": "2024-04-04T04:14:36Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32100"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ7P-9W26-9Q74

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in

sli_se_opaque_import_key

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\n\n\nsli_se_opaque_import_key\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-gq7p-9w26-9q74",
  "modified": "2024-04-04T04:14:28Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2481"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H3QP-9J63-3242

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in

sli_se_sign_message

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_message\n\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-h3qp-9j63-3242",
  "modified": "2024-04-04T04:14:35Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32098"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HG6G-XJ6V-PFG7

Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14
VLAI
Details

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_encrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-14"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_encrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
  "id": "GHSA-hg6g-xj6v-pfg7",
  "modified": "2024-04-04T04:14:32Z",
  "published": "2023-05-18T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32096"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Store the sensitive data in a "volatile" memory location if available.

Mitigation
Build and Compilation

If possible, configure your compiler so that it does not remove dead stores.

Mitigation
Architecture and Design

Where possible, encrypt sensitive data that are used by a software system.

No CAPEC attack patterns related to this CWE.