CWE-14
AllowedCompiler Removal of Code to Clear Buffers
Abstraction: Variant · Status: Draft
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
19 vulnerabilities reference this CWE, most recent first.
GHSA-47WF-487J-MCRR
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-32097"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_decrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-47wf-487j-mcrr",
"modified": "2024-04-04T04:14:33Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32097"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6HCP-Q563-CM49
Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
{
"affected": [],
"aliases": [
"CVE-2025-64646"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T21:16:25Z",
"severity": "MODERATE"
},
"details": "IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.",
"id": "GHSA-6hcp-q563-cm49",
"modified": "2026-03-25T21:30:36Z",
"published": "2026-03-25T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64646"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7267105"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8V3W-V77M-PG5C
Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2024-04-04 05:44Compiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-32099"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_hash\u00a0in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-8v3w-v77m-pg5c",
"modified": "2024-04-04T05:44:29Z",
"published": "2023-07-06T21:14:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32099"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C5MM-QW5V-HXGQ
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in
sli_se_driver_key_agreement
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-1132"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_key_agreement\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-c5mm-qw5v-hxgq",
"modified": "2024-04-04T04:14:29Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1132"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G7HM-82X6-P838
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-0965"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-g7hm-82x6-p838",
"modified": "2024-04-04T04:14:26Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0965"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GCMP-2WVJ-R4F4
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in
sli_se_driver_mac_compute
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-32100"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_mac_compute\n\nin Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-gcmp-2wvj-r4f4",
"modified": "2024-04-04T04:14:36Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32100"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GQ7P-9W26-9Q74
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in
sli_se_opaque_import_key
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-2481"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\n\n\nsli_se_opaque_import_key\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-gq7p-9w26-9q74",
"modified": "2024-04-04T04:14:28Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2481"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H3QP-9J63-3242
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in
sli_se_sign_message
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-32098"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_message\n\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-h3qp-9j63-3242",
"modified": "2024-04-04T04:14:35Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32098"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HG6G-XJ6V-PFG7
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
{
"affected": [],
"aliases": [
"CVE-2023-32096"
],
"database_specific": {
"cwe_ids": [
"CWE-14"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T19:15:09Z",
"severity": "HIGH"
},
"details": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_encrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n",
"id": "GHSA-hg6g-xj6v-pfg7",
"modified": "2024-04-04T04:14:32Z",
"published": "2023-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32096"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Store the sensitive data in a "volatile" memory location if available.
Mitigation
If possible, configure your compiler so that it does not remove dead stores.
Mitigation
Where possible, encrypt sensitive data that are used by a software system.
No CAPEC attack patterns related to this CWE.