Read Time:30 Second

Description

The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

CWE-1038

 

Consequences

Access Control, Other: Bypass Protection Mechanism, Other

 

Potential Mitigations

CVE References

 

  • CVE-2008-1685
    • C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.
  • CVE-2019-1010006
    • Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).