VYPR

CWE-1038

Insecure Automated Optimizations

ClassDraftLikelihood: Low

Description

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

Hierarchy (View 1000)

CVEs mapped to this weakness (4)

  • CVE-2023-52971MedMar 8, 2025
    risk 0.32cvss 4.9epss 0.00

    MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.

  • CVE-2023-52970MedMar 8, 2025
    risk 0.32cvss 4.9epss 0.00

    MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

  • CVE-2023-52969MedMar 8, 2025
    risk 0.32cvss 4.9epss 0.00

    MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

  • CVE-2024-47825Oct 21, 2024
    risk 0.00cvss epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more…