CWE-1038 Detail

CWE-1038

Insecure Automated Optimizations
Low
Draft
2018-03-29 00:00 +00:00
2023-10-26 00:00 +00:00

Name: Insecure Automated Optimizations

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

General Information

Modes of Introduction

Architecture and Design: Optimizations built into the design of a product can have unintended consequences during execution.

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

| Scope | Impact | Likelihood |
| --- | --- | --- |
| Integrity | Alter Execution Logic | |

Note: The optimizations alter the order of execution, resulting in side effects that were not intended by the original developer.

Observed Examples

| Reference | Description |
| --- | --- |
| CVE-2017-5715 | Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre". |
| CVE-2008-1685 | C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows. |
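The class of problem behind the CVE-2008-1685 entry above, shown as an added example that is not taken from the CWE entry or from any affected project: an overflow check written after the arithmetic can legally be deleted by an optimizer, while a check written before the arithmetic cannot. The function names, the use of signed `int` lengths, and the sample values are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile form (hypothetical name): the overflow test runs AFTER the
 * addition. Signed overflow is undefined behaviour in C, so an optimizing
 * compiler may assume "len + extra < len" is never true for extra >= 0
 * and remove the branch, leaving only the capacity comparison. */
bool fits_fragile(int len, int extra, int capacity)
{
    if (len < 0 || extra < 0)
        return false;
    if (len + extra < len)        /* may be optimized away */
        return false;
    return len + extra <= capacity;
}

/* Hardened form (hypothetical name): compare against the remaining
 * headroom BEFORE adding. No expression here can overflow, so there is
 * no undefined behaviour for the optimizer to exploit. */
bool fits_checked(int len, int extra, int capacity)
{
    if (len < 0 || extra < 0 || capacity < 0)
        return false;
    if (extra > INT_MAX - len)    /* sum would exceed INT_MAX: reject */
        return false;
    return len + extra <= capacity;
}

int main(void)
{
    /* Constructed inputs: an ordinary request, an oversized one, and one
     * whose sum does not fit in an int. Only the hardened function is
     * called with the overflowing pair, since the fragile one has no
     * defined result for it. */
    printf("fragile(10, 20, 64)     = %d\n", fits_fragile(10, 20, 64));
    printf("checked(10, 20, 64)     = %d\n", fits_checked(10, 20, 64));
    printf("checked(40, 30, 64)     = %d\n", fits_checked(40, 30, 64));
    printf("checked(INT_MAX, 1, 64) = %d\n", fits_checked(INT_MAX, 1, 64));
    return 0;
}
```

Comparing the generated assembly of `fits_fragile` at `-O0` and `-O2` shows whether a given compiler kept the post-addition branch.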

Vulnerability Mapping Notes

Rationale: This CWE entry is a Class and might have Base-level children that would be more appropriate.
Comment: Examine children of this entry to see if there is a better fit.

Submission

| Name | Organization | Date | Release Date | Version |
| --- | --- | --- | --- | --- |
| CWE Content Team | MITRE | 2018-03-07 +00:00 | 2018-03-29 +00:00 | 3.1 |

Modifications

| Name | Organization | Date | Comment |
| --- | --- | --- | --- |
| CWE Content Team | MITRE | 2020-02-24 +00:00 | updated Relationships |
| CWE Content Team | MITRE | 2023-04-27 +00:00 | updated Relationships |
| CWE Content Team | MITRE | 2023-06-29 +00:00 | updated Mapping_Notes |
| CWE Content Team | MITRE | 2023-10-26 +00:00 | updated Observed_Examples |