CWE-733 – Compiler Optimization Removal or Modification of Security-critical Code

Description

The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

CWE-1038

 

Consequences

Scope: Access Control, Other. Impact: Bypass Protection Mechanism, Other.

 

Potential Mitigations

CVE References

 

  • CVE-2008-1685
    • C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.
  • CVE-2019-1010006
    • Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).
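The integer-overflow case named in the CVE references, shown as an added example (not part of the CWE entry or of any affected project): a signed-overflow check that an optimizer is allowed to delete, next to two forms it cannot remove. All function names are hypothetical; `__builtin_add_overflow` is a GCC/Clang builtin, not standard C.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile: the check runs after the addition. Signed overflow is undefined
 * behaviour in C, so an optimizer may assume a + b never wraps and fold the
 * comparison to a constant, deleting the check (the CWE-733 pattern). */
bool add_overflows_fragile(int a, int b)
{
    return b > 0 && a + b < a;
}

/* Robust: test the operands against the limits before adding, so no
 * overflowing expression is ever evaluated and nothing can be assumed away. */
bool add_overflows_portable(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    return a < INT_MIN - b;
}

/* Robust, GCC/Clang extension: the builtin reports overflow with defined
 * semantics and stores the wrapped result in *sum. */
bool add_overflows_builtin(int a, int b, int *sum)
{
    return __builtin_add_overflow(a, b, sum);
}

/* Hypothetical caller: compute a buffer size only when it cannot overflow. */
bool checked_total(int header_len, int payload_len, int *total)
{
    if (header_len < 0 || payload_len < 0)
        return false;
    if (add_overflows_portable(header_len, payload_len))
        return false;
    *total = header_len + payload_len;
    return true;
}

int main(void)
{
    int sum = 0;
    /* The fragile result may differ between -O0 and -O2 builds. */
    printf("fragile : %d\n", add_overflows_fragile(INT_MAX, 1));
    printf("portable: %d\n", add_overflows_portable(INT_MAX, 1));
    printf("builtin : %d\n", add_overflows_builtin(INT_MAX, 1, &sum));
    return 0;
}
```

Building this at different optimization levels and comparing the first output line, or inspecting the generated assembly for `add_overflows_fragile`, is a quick way to confirm whether a given toolchain keeps the check.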