CVEbaza.plSłownik CWECWE-733
Common Weakness Enumeration

CWE-733

Compiler Optimization Removal or Modification of Security-critical Code

Kategoria: BaseCVE: 9
Opis

Programista implementuje w oprogramowaniu mechanizm ochrony krytyczny dla bezpieczeństwa, jednak kompilator optymalizuje program w taki sposób, że mechanizm zostaje usunięty lub zmodyfikowany. W rezultacie zabezpieczenie może nie działać prawidłowo lub w ogóle nie zostać wdrożone.

Description (EN)

The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.

Podatności CVE z CWE-733 (9)
9.8
CVSS
CRITICAL
CVE-2026-4698

Podatność typu type confusion (CWE-843) w komponencie JIT silnika JavaScript przeglądarki Mozilla Firefox oraz klienta Thunderbird umożliwia zdalnemu atakującemu wykonanie dowolnego kodu bez jakiegokolwiek uwierzytelnienia. Krytyczny wynik CVSS 9.8 oraz sieciowy wektor ataku bez wymagań wstępnych czynią tę podatność wyjątkowo niebezpieczną.

pub. 2026-03-24
9.8
CVSS
CRITICAL
CVE-2025-13024

Podatność w komponencie JIT (Just-In-Time compilation) silnika JavaScript produktów Mozilla Firefox i Thunderbird powoduje błędną kompilację kodu, co może prowadzić do krytycznych konsekwencji bezpieczeństwa. Ocena CVSS 9.8 wskazuje na możliwość zdalnego wykonania kodu bez jakiegokolwiek uwierzytelnienia lub interakcji użytkownika.

pub. 2025-11-11
8.8
CVSS
HIGH
CVE-2026-8389

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

pub. 2026-05-12
7.8
CVSS
HIGH
CVE-2025-52496

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

pub. 2025-07-04
7.8
CVSS
HIGH
CVE-2020-15294

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.

pub. 2020-12-17
7.4
CVSS
HIGH
CVE-2025-20241

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.

pub. 2025-08-27
5.4
CVSS
MEDIUM
CVE-2026-12299

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

pub. 2026-06-16
4.3
CVSS
MEDIUM
CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.

pub. 2026-06-02
2.9
CVSS
LOW
CVE-2024-58262

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

pub. 2025-07-27
Informacje
ID: CWE-733
Typ: Base
Podatności: 9
MITRE CWE ↗
← Słownik CWE