CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-37JR-RXV8-WWQJ
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741
{
"affected": [],
"aliases": [
"CVE-2021-0535"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-22T11:15:00Z",
"severity": "MODERATE"
},
"details": "In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741",
"id": "GHSA-37jr-rxv8-wwqj",
"modified": "2022-05-24T19:05:57Z",
"published": "2022-05-24T19:05:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0535"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-37Q3-Q4GF-2HQ9
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616.
{
"affected": [],
"aliases": [
"CVE-2018-17630"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616.",
"id": "GHSA-37q3-q4gf-2hq9",
"modified": "2022-05-13T01:33:59Z",
"published": "2022-05-13T01:33:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17630"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37Q5-6GPH-CR64
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848.
{
"affected": [],
"aliases": [
"CVE-2018-17675"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848.",
"id": "GHSA-37q5-6gph-cr64",
"modified": "2022-05-13T01:33:53Z",
"published": "2022-05-13T01:33:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17675"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1194"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37QH-MJG8-558V
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
{
"affected": [],
"aliases": [
"CVE-2017-5376"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"id": "GHSA-37qh-mjg8-558v",
"modified": "2025-11-25T18:32:06Z",
"published": "2022-05-14T03:10:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5376"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1311687"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95758"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37RG-3X55-7PMG
Vulnerability from github – Published: 2024-08-21 18:31 – Updated: 2024-08-21 18:31Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23702.
{
"affected": [],
"aliases": [
"CVE-2024-7722"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T16:15:10Z",
"severity": "LOW"
},
"details": "Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23702.",
"id": "GHSA-37rg-3x55-7pmg",
"modified": "2024-08-21T18:31:27Z",
"published": "2024-08-21T18:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7722"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1124"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-37RP-8P2J-8QQR
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6573"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-21T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"id": "GHSA-37rp-8p2j-8qqr",
"modified": "2022-05-24T17:29:10Z",
"published": "2022-05-24T17:29:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6573"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1116304"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-37VJ-3F2G-F852
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:52An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.
{
"affected": [],
"aliases": [
"CVE-2018-21008"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-04T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.",
"id": "GHSA-37vj-3f2g-f852",
"modified": "2024-04-04T01:52:48Z",
"published": "2022-05-24T16:55:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21008"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abd39c6ded9db53aa44c2540092bdd5fb6590fa8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4162-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4162-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4163-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4163-2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37VM-M2GX-6H3H
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal.
{
"affected": [],
"aliases": [
"CVE-2020-10018"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-02T23:15:00Z",
"severity": "MODERATE"
},
"details": "accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal.",
"id": "GHSA-37vm-m2gx-6h3h",
"modified": "2022-05-24T17:10:04Z",
"published": "2022-05-24T17:10:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10018"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"type": "WEB",
"url": "https://trac.webkit.org/changeset/257292"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4310-1"
},
{
"type": "WEB",
"url": "https://webkitgtk.org/security/WSA-2020-0003.html"
},
{
"type": "WEB",
"url": "https://wpewebkit.org/security/WSA-2020-0003.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4641"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-37X6-37VF-QF3R
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-40406"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:18Z",
"severity": "HIGH"
},
"details": "Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-37x6-37vf-qf3r",
"modified": "2026-05-12T18:30:45Z",
"published": "2026-05-12T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40406"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40406"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-37X6-W9JV-C58Q
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).
{
"affected": [],
"aliases": [
"CVE-2021-41536"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-28T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Solid Edge SE2021 (All versions \u003c SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).",
"id": "GHSA-37x6-w9jv-c58q",
"modified": "2022-05-24T19:16:00Z",
"published": "2022-05-24T19:16:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41536"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1120"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.