Property
Language: c
Severity: low
CWE: CWE-14: Compiler Removal of Code to Clear Buffers
OWASP: A04:2021 - Insecure Design
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Using memset() to erase sensitive data from memory is unreliable because compilers may optimize away these calls, leaving sensitive information in memory. Instead, memset_s() should be used to securely clear buffers containing confidential data.
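The flagged pattern beside a corrected form, as an added example that is not part of the original rule page. `secure_clear`, `count_nonzero`, `use_key_weak` and `use_key_hardened` are hypothetical names; because `memset_s()` belongs to the optional C11 Annex K and many C libraries do not ship it, the volatile-store fallback is an assumption of this example.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for Annex K (memset_s) if the libc ships it */
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: zero len bytes so the stores cannot be optimized away. */
int secure_clear(void *buf, size_t len) {
    if (buf == NULL)
        return -1;
#ifdef __STDC_LIB_EXT1__
    return memset_s(buf, len, 0, len);   /* returns 0 on success */
#else
    /* Assumed fallback where memset_s is unavailable: volatile stores are
     * observable side effects, so dead-store elimination must keep them. */
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
    return 0;
#endif
}

/* Count non-zero bytes; used to check a buffer after clearing. */
size_t count_nonzero(const void *buf, size_t len) {
    const unsigned char *p = buf;
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}

/* Flagged pattern: key is never read after memset(), so the call is a dead
 * store that an optimizing compiler may delete. */
size_t use_key_weak(const char *secret) {
    char key[32] = {0};
    strncpy(key, secret, sizeof key - 1);
    size_t used = strlen(key);            /* stand-in for real use of the key */
    memset(key, 0, sizeof key);
    return used;
}

/* Corrected pattern: same logic, clearing goes through secure_clear(). */
size_t use_key_hardened(const char *secret) {
    char key[32] = {0};
    strncpy(key, secret, sizeof key - 1);
    size_t used = strlen(key);
    return secure_clear(key, sizeof key) == 0 ? used : (size_t)-1;
}

int main(void) {
    return use_key_hardened("constructed-secret") == (size_t)-1;
}
```

Whether the `memset()` in `use_key_weak` survives depends on the compiler and optimization level, so inspect the generated assembly for the build you actually ship.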

Impact

If sensitive data like passwords or cryptographic keys remain in memory due to ineffective clearing, attackers could retrieve this information through memory dumps or after buffer reuse, leading to data breaches or compromise of critical systems.