CWE-1038
Insecure Automated Optimizations
Low
Draft
2018-03-29
00h00 +00:00
00h00 +00:00
2023-10-26
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Insecure Automated Optimizations
The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.
General Informations
Modes Of Introduction
Architecture and Design : Optimizations built into the design of a product can have unintended consequences during execution.Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Integrity | Alter Execution Logic Note: The optimizations alter the order of execution resulting in side effects that were not intended by the original developer. |
Observed Examples
| References | Description |
|---|---|
CVE-2017-5715 | Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre". |
CVE-2008-1685 | C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows. |
Vulnerability Mapping Notes
Justification : This CWE entry is a Class and might have Base-level children that would be more appropriateComment : Examine children of this entry to see if there is a better fit
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.1 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Observed_Examples |
2025©
tesweb SA
