Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-32V2-P3XF-66M9

Vulnerability from github – Published: 2022-11-09 12:00 – Updated: 2022-11-09 19:02
VLAI
Details

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)",
  "id": "GHSA-32v2-p3xf-66m9",
  "modified": "2022-11-09T19:02:22Z",
  "published": "2022-11-09T12:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3887"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1372695"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32V5-69PX-96X3

Vulnerability from github – Published: 2022-05-17 03:32 – Updated: 2022-05-17 03:32
VLAI
Details

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-12T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",
  "id": "GHSA-32v5-69px-96x3",
  "modified": "2022-05-17T03:32:33Z",
  "published": "2022-05-17T03:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0988"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-07"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/84312"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035251"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32VC-25C9-WQWW

Vulnerability from github – Published: 2026-03-11 00:31 – Updated: 2026-03-11 00:31
VLAI
Details

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T22:16:17Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-32vc-25c9-wqww",
  "modified": "2026-03-11T00:31:32Z",
  "published": "2026-03-11T00:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27220"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32W5-6G7Q-F4F8

Vulnerability from github – Published: 2022-05-17 01:18 – Updated: 2025-04-20 03:33
VLAI
Details

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-20T08:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.",
  "id": "GHSA-32w5-6g7q-f4f8",
  "modified": "2025-04-20T03:33:13Z",
  "published": "2022-05-17T01:18:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2353"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207483"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41164"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95723"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32W7-8JRJ-H2V7

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:42Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.",
  "id": "GHSA-32w7-8jrj-h2v7",
  "modified": "2025-10-14T18:30:29Z",
  "published": "2025-10-14T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48004"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3347-QJPP-457V

Vulnerability from github – Published: 2026-04-15 21:30 – Updated: 2026-04-15 21:30
VLAI
Details

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-15T20:16:38Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-3347-qjpp-457v",
  "modified": "2026-04-15T21:30:18Z",
  "published": "2026-04-15T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6299"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/497053588"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-334X-45WH-5M94

Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: provide locking for v4_end_grace

Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly.

We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock.

nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access.

However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held.

So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished.

This resolves a race which can result in use-after-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T16:15:54Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: provide locking for v4_end_grace\n\nWriting to v4_end_grace can race with server shutdown and result in\nmemory being accessed after it was freed - reclaim_str_hashtbl in\nparticularly.\n\nWe cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is\nheld while client_tracking_op-\u003einit() is called and that can wait for\nan upcall to nfsdcltrack which can write to v4_end_grace, resulting in a\ndeadlock.\n\nnfsd4_end_grace() is also called by the landromat work queue and this\ndoesn\u0027t require locking as server shutdown will stop the work and wait\nfor it before freeing anything that nfsd4_end_grace() might access.\n\nHowever, we must be sure that writing to v4_end_grace doesn\u0027t restart\nthe work item after shutdown has already waited for it.  For this we\nadd a new flag protected with nn-\u003eclient_lock.  It is set only while it\nis safe to make client tracking calls, and v4_end_grace only schedules\nwork while the flag is set with the spinlock held.\n\nSo this patch adds a nfsd_net field \"client_tracking_active\" which is\nset as described.  Another field \"grace_end_forced\", is set when\nv4_end_grace is written.  After this is set, and providing\nclient_tracking_active is set, the laundromat is scheduled.\nThis \"grace_end_forced\" field bypasses other checks for whether the\ngrace period has finished.\n\nThis resolves a race which can result in use-after-free.",
  "id": "GHSA-334x-45wh-5m94",
  "modified": "2026-07-14T15:31:32Z",
  "published": "2026-01-23T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22980"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06600719d0f7a723811c45e4d51f5b742f345309"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2857bd59feb63fcf40fe4baf55401baea6b4feb4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34eb22836e0cdba093baac66599d68c4cd245a9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53f07d095e7e680c5e4569a55a019f2c0348cdc6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba4811c8b433bfa681729ca42cc62b6034f223b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca97360860eb02e3ae4ba42c19b439a0fcecbf06"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8bfa2401d4c51eca6e48e9b33c798828ca9df61"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3355-XW7J-Q4Q7

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-5840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-21T12:55:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.",
  "id": "GHSA-3355-xw7j-q4q7",
  "modified": "2022-05-13T01:24:21Z",
  "published": "2022-05-13T01:24:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5840"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805287"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80190"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16904"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/87606"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
    },
    {
      "type": "WEB",
      "url": "http://www.palemoon.org/releasenotes-ng.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/56635"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3358-4F7F-P4J4

Vulnerability from github – Published: 2021-08-25 20:56 – Updated: 2021-08-18 21:16
VLAI
Summary
Use after free in generic-array
Details

An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "generic-array"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.13.0"
            },
            {
              "fixed": "0.13.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "generic-array"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.12.0"
            },
            {
              "fixed": "0.12.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "generic-array"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "fixed": "0.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "generic-array"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.10.0"
            },
            {
              "fixed": "0.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "generic-array"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.8.0"
            },
            {
              "fixed": "0.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36465"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-18T21:16:25Z",
    "nvd_published_at": "2021-08-08T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.",
  "id": "GHSA-3358-4f7f-p4j4",
  "modified": "2021-08-18T21:16:25Z",
  "published": "2021-08-25T20:56:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36465"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fizyk20/generic-array/issues/98"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fizyk20/generic-array"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0146.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use after free in generic-array"
}

GHSA-3363-C452-8HXM

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-3363-c452-8hxm",
  "modified": "2022-05-24T19:13:32Z",
  "published": "2022-05-24T19:13:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1876"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212325"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212326"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212327"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.