Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-2PCW-J73G-X4XV

Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31
VLAI
Details

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T17:16:35Z",
    "severity": "HIGH"
  },
  "details": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability",
  "id": "GHSA-2pcw-j73g-x4xv",
  "modified": "2024-05-14T18:31:03Z",
  "published": "2024-05-14T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30006"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PCX-JPW3-X254

Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55
VLAI
Details

An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-15T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.",
  "id": "GHSA-2pcx-jpw3-x254",
  "modified": "2022-05-14T00:55:07Z",
  "published": "2022-05-14T00:55:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18234"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2048"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=100397"
    },
    {
      "type": "WEB",
      "url": "https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3668-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PF5-J72F-JHXP

Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-09-23 15:30
VLAI
Details

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.

This issue affects:

Junos OS:

  • All versions before 21.2R3-S8, 
  • 21.4 versions before 21.4R3-S5,
  • 22.2 versions before 22.2R3-S3,
  • 22.3 versions before 22.3R3-S2,
  • 22.4 versions before 22.4R3,
  • 23.2 versions before 23.2R2.

Junos OS Evolved:

  • All versions before 21.2R3-S8-EVO,
  • 21.4-EVO versions before 21.4R3-S5-EVO,
  • 22.2-EVO versions before 22.2R3-S3-EVO, 
  • 22.3-EVO versions before 22.3R3-S2-EVO,
  • 22.4-EVO versions before 22.4R3-EVO,
  • 23.2-EVO versions before 23.2R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T16:15:04Z",
    "severity": "MODERATE"
  },
  "details": "A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.\n\n\n\n\nThis issue affects:\n\n\u00a0 \u00a0Junos OS:\n\n\n\n  *  All versions before 21.2R3-S8,\u00a0\n  *  21.4 versions before 21.4R3-S5,\n  *  22.2 versions before 22.2R3-S3,\n  *  22.3 versions before 22.3R3-S2,\n  *  22.4 versions before 22.4R3,\n  *  23.2 versions before 23.2R2.\n\n\n\n\n \u00a0 Junos OS Evolved:\n\n\n\n  *  All versions before 21.2R3-S8-EVO,\n  *  21.4-EVO versions before 21.4R3-S5-EVO,\n  *  22.2-EVO versions before 22.2R3-S3-EVO,\u00a0\n  *  22.3-EVO versions before 22.3R3-S2-EVO,\n  *  22.4-EVO versions before 22.4R3-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO.",
  "id": "GHSA-2pf5-j72f-jhxp",
  "modified": "2024-09-23T15:30:59Z",
  "published": "2024-07-11T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39528"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA82987"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2PG7-R8HW-8M7V

Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-09-18 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/ucma: Protect mc during concurrent multicast leaves

Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked.

BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline] BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579 Read of size 8 at addr ffff88801bb74b00 by task syz-executor.1/25529 CPU: 0 PID: 25529 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:450 ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline] ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579 ucma_destroy_id+0x1e6/0x280 drivers/infiniband/core/ucma.c:614 ucma_write+0x25c/0x350 drivers/infiniband/core/ucma.c:1732 vfs_write+0x28e/0xae0 fs/read_write.c:588 ksys_write+0x1ee/0x250 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae

Currently the xarray search can touch a concurrently freeing mc as the xa_for_each() is not surrounded by any lock. Rather than hold the lock for a full scan hold it only for the effected items, which is usually an empty list.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T12:15:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ucma: Protect mc during concurrent multicast leaves\n\nPartially revert the commit mentioned in the Fixes line to make sure that\nallocation and erasing multicast struct are locked.\n\n  BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline]\n  BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579\n  Read of size 8 at addr ffff88801bb74b00 by task syz-executor.1/25529\n  CPU: 0 PID: 25529 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n  Call Trace:\n   __dump_stack lib/dump_stack.c:88 [inline]\n   dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n   print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247\n   __kasan_report mm/kasan/report.c:433 [inline]\n   kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n   ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline]\n   ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579\n   ucma_destroy_id+0x1e6/0x280 drivers/infiniband/core/ucma.c:614\n   ucma_write+0x25c/0x350 drivers/infiniband/core/ucma.c:1732\n   vfs_write+0x28e/0xae0 fs/read_write.c:588\n   ksys_write+0x1ee/0x250 fs/read_write.c:643\n   do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n   do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nCurrently the xarray search can touch a concurrently freeing mc as the\nxa_for_each() is not surrounded by any lock. Rather than hold the lock for\na full scan hold it only for the effected items, which is usually an empty\nlist.",
  "id": "GHSA-2pg7-r8hw-8m7v",
  "modified": "2024-09-18T18:30:49Z",
  "published": "2024-06-20T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48726"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2923948ffe0835f7114e948b35bcc42bc9b3baa1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36e8169ec973359f671f9ec7213547059cae972e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75c610212b9f1756b9384911d3a2c347eee8031c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee2477e8ccd3d978eeac0dc5a981b286d9bb7b0a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PGJ-5CV2-6XXW

Vulnerability from github – Published: 2025-10-08 12:43 – Updated: 2025-10-08 12:43
VLAI
Summary
FuelVM is vulnerable to heap memory allocation re-use bug
Details

Impact

A memory safety vulnerability was present in the Fuel Virtual Machine (FuelVM), where memory reads could bypass expected access controls. Specifically, when a smart contract performed a mload (or other opcodes which access memory) on memory that had been deallocated using ret, it was still able to access the old memory contents. This occurred because the memory region was not zeroed out or otherwise marked as invalid. As a result, smart contracts could potentially read sensitive data left over from other contracts if the same memory was reallocated, violating isolation guarantees between contracts and enabling unintended data leakage.

All users running affected versions of FuelVM that relied on strict memory isolation between smart contracts were impacted.

Patches

The vulnerability was patched by modifying the FuelVM to ensure that memory deallocated with ret was zeroed out or made inaccessible. The fix was included in FuelVM version v0.60.1 and back-ported to v0.59.3. This patch was released to the Fuel network on Friday, April 18th, 2025.

Workarounds

There were no reliable workarounds that fully mitigated the vulnerability. While developers could manually zero out sensitive memory regions before returning from a function, this approach was error-prone and could not be enforced at the VM level. Upgrading to a patched version remained the recommended course of action.

References

  • Fix implemented in the FuelVM GitHub repository (https://github.com/FuelLabs/fuel-vm/pull/941)
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "fuel-vm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.59.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "fuel-vm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.60.0"
            },
            {
              "fixed": "0.60.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-08T12:43:30Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA memory safety vulnerability was present in the Fuel Virtual Machine (FuelVM), where memory reads could bypass expected access controls. Specifically, when a smart contract performed a `mload` (or other opcodes which access memory) on memory that had been deallocated using `ret`, it was still able to access the old memory contents. This occurred because the memory region was not zeroed out or otherwise marked as invalid. As a result, smart contracts could potentially read sensitive data left over from other contracts if the same memory was reallocated, violating isolation guarantees between contracts and enabling unintended data leakage.\n\nAll users running affected versions of FuelVM that relied on strict memory isolation between smart contracts were impacted.\n\n### Patches\n\nThe vulnerability was patched by modifying the FuelVM to ensure that memory deallocated with `ret` was zeroed out or made inaccessible. The fix was included in FuelVM version `v0.60.1` and back-ported to `v0.59.3`. This patch was released to the Fuel network on Friday, April 18th, 2025.\n\n### Workarounds\n\nThere were no reliable workarounds that fully mitigated the vulnerability. While developers could manually zero out sensitive memory regions before returning from a function, this approach was error-prone and could not be enforced at the VM level. Upgrading to a patched version remained the recommended course of action.\n\n### References\n\n- Fix implemented in the FuelVM GitHub repository (https://github.com/FuelLabs/fuel-vm/pull/941)",
  "id": "GHSA-2pgj-5cv2-6xxw",
  "modified": "2025-10-08T12:43:30Z",
  "published": "2025-10-08T12:43:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FuelLabs/fuel-vm/security/advisories/GHSA-2pgj-5cv2-6xxw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FuelLabs/fuel-vm/pull/941"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FuelLabs/fuel-vm/commit/9c97c2bf782626b35ba48e154f210f91c847a513"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FuelLabs/fuel-vm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "FuelVM is vulnerable to heap memory allocation re-use bug"
}

GHSA-2PJP-W8C5-7P9Q

Vulnerability from github – Published: 2022-05-14 03:37 – Updated: 2022-05-14 03:37
VLAI
Details

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-27T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-2pjp-w8c5-7p9q",
  "modified": "2022-05-14T03:37:07Z",
  "published": "2022-05-14T03:37:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4902"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102995"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040364"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PM8-794W-P8M4

Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 18:31
VLAI
Details

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T23:16:47Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-2pm8-794w-p8m4",
  "modified": "2026-05-29T18:31:23Z",
  "published": "2026-05-29T00:38:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9893"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/513972075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PQ6-62XR-M3MV

Vulnerability from github – Published: 2023-02-14 12:30 – Updated: 2023-02-22 18:30
VLAI
Details

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-14T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V2023Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)",
  "id": "GHSA-2pq6-62xr-m3mv",
  "modified": "2023-02-22T18:30:35Z",
  "published": "2023-02-14T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24581"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PR2-CXFQ-398W

Vulnerability from github – Published: 2022-05-14 01:24 – Updated: 2022-05-14 01:24
VLAI
Details

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-22T05:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.",
  "id": "GHSA-2pr2-cxfq-398w",
  "modified": "2022-05-14T01:24:58Z",
  "published": "2022-05-14T01:24:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2513"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207797"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207798"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207800"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207801"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98468"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038484"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PV2-HM64-84JM

Vulnerability from github – Published: 2022-05-14 04:03 – Updated: 2022-05-14 04:03
VLAI
Details

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-13T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.",
  "id": "GHSA-2pv2-hm64-84jm",
  "modified": "2022-05-14T04:03:37Z",
  "published": "2022-05-14T04:03:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1635"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133243"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010554"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101905"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.