Skip to main content

CWE-14

Compiler Removal of Code to Clear Buffers

10 CVEs Avg CVSS 7.1 MITRE
0
CRITICAL
8
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-48984 MEDIUM PATCH This Month

Insecure deallocation in pam_usb 0.9.1 and below leaves sensitive authentication material - including one-time pad (OTP) bytes read from removable media - resident in freed heap memory because the xfree() helper calls free() without first zeroing the buffer. On any system where a secondary use-after-free condition or heap inspection primitive is present within the same pam_usb process, an attacker could recover pad values or other credential material from those freed regions, potentially undermining the hardware authentication guarantee pam_usb is designed to provide. This is a defense-in-depth hardening gap patched in 0.9.2; no confirmed active exploitation or public exploit code has been identified at time of analysis.

Information Disclosure Pam Usb
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-64646 MEDIUM PATCH This Month

IBM Concert versions 1.0.0 through 2.2.0 suffer from improper buffer resource clearing that allows local attackers to read sensitive information directly from process memory without requiring privileges or user interaction. This information disclosure vulnerability (CVSS 6.2) affects IBM Concert across multiple versions and has a vendor patch available, though no evidence of active exploitation or public proof-of-concept has been reported in the provided intelligence.

IBM Information Disclosure
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2023-32100 HIGH This Week

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32099 HIGH This Week

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32098 HIGH This Week

Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32097 HIGH This Week

Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32096 HIGH This Week

Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2481 HIGH This Week

Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1132 HIGH This Week

Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0965 HIGH This Week

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Insecure deallocation in pam_usb 0.9.1 and below leaves sensitive authentication material - including one-time pad (OTP) bytes read from removable media - resident in freed heap memory because the xfree() helper calls free() without first zeroing the buffer. On any system where a secondary use-after-free condition or heap inspection primitive is present within the same pam_usb process, an attacker could recover pad values or other credential material from those freed regions, potentially undermining the hardware authentication guarantee pam_usb is designed to provide. This is a defense-in-depth hardening gap patched in 0.9.2; no confirmed active exploitation or public exploit code has been identified at time of analysis.

Information Disclosure Pam Usb
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM Concert versions 1.0.0 through 2.2.0 suffer from improper buffer resource clearing that allows local attackers to read sensitive information directly from process memory without requiring privileges or user interaction. This information disclosure vulnerability (CVSS 6.2) affects IBM Concert across multiple versions and has a vendor patch available, though no evidence of active exploitation or public proof-of-concept has been reported in the provided intelligence.

IBM Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy