Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-3GH6-5QQW-C955

Vulnerability from github – Published: 2023-01-13 00:30 – Updated: 2023-01-13 00:30
VLAI
Details

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22402"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-13T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.",
  "id": "GHSA-3gh6-5qqw-c955",
  "modified": "2023-01-13T00:30:37Z",
  "published": "2023-01-13T00:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22402"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA70198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GHC-CW76-H292

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08
VLAI
Details

Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-3ghc-cw76-h292",
  "modified": "2022-05-24T17:08:42Z",
  "published": "2022-05-24T17:08:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6406"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0514"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1042254"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-08"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4638"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GM2-XQPG-6JW8

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-06 18:30
VLAI
Details

Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:17:05Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-3gm2-xqpg-6jw8",
  "modified": "2026-06-06T18:30:22Z",
  "published": "2026-06-05T00:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11012"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/497000161"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GM9-Q84V-WVVW

Vulnerability from github – Published: 2023-04-12 21:30 – Updated: 2023-04-12 21:30
VLAI
Details

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-12T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-3gm9-q84v-wvvw",
  "modified": "2023-04-12T21:30:18Z",
  "published": "2023-04-12T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26424"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-24.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GMX-64G9-PC2Q

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-09T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
  "id": "GHSA-3gmx-64g9-pc2q",
  "modified": "2022-05-13T01:26:21Z",
  "published": "2022-05-13T01:26:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1809"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67892"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14692"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=75496"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/72779"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44829"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48129"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3GP7-XP89-JXH5

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25
VLAI
Details

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722",
  "id": "GHSA-3gp7-xp89-jxh5",
  "modified": "2022-05-24T17:25:15Z",
  "published": "2022-05-24T17:25:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0242"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2020-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3GQX-RV8X-9M5C

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-02-11 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix race in concurrent f2fs_stop_gc_thread

In my test case, concurrent calls to f2fs shutdown report the following stack trace:

Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85 Call Trace: ? show_regs+0x8b/0xa0 ? __die_body+0x26/0xa0 ? die_addr+0x54/0x90 ? exc_general_protection+0x24b/0x5c0 ? asm_exc_general_protection+0x26/0x30 ? kthread_stop+0x46/0x390 f2fs_stop_gc_thread+0x6c/0x110 f2fs_do_shutdown+0x309/0x3a0 f2fs_ioc_shutdown+0x150/0x1c0 __f2fs_ioctl+0xffd/0x2ac0 f2fs_ioctl+0x76/0xe0 vfs_ioctl+0x23/0x60 __x64_sys_ioctl+0xce/0xf0 x64_sys_call+0x2b1b/0x4540 do_syscall_64+0xa7/0x240 entry_SYSCALL_64_after_hwframe+0x76/0x7e

The root cause is a race condition in f2fs_stop_gc_thread() called from different f2fs shutdown paths:

[CPU0] [CPU1] ---------------------- ----------------------- f2fs_stop_gc_thread f2fs_stop_gc_thread gc_th = sbi->gc_thread gc_th = sbi->gc_thread kfree(gc_th) sbi->gc_thread = NULL < gc_th != NULL > kthread_stop(gc_th->f2fs_gc_task) //UAF

The commit c7f114d864ac ("f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()") attempted to fix this issue by using a read semaphore to prevent races between shutdown and remount threads, but it fails to prevent all race conditions.

Fix it by converting to write lock of s_umount in f2fs_do_shutdown().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:29Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix race in concurrent f2fs_stop_gc_thread\n\nIn my test case, concurrent calls to f2fs shutdown report the following\nstack trace:\n\n Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85\n Call Trace:\n  \u003cTASK\u003e\n  ? show_regs+0x8b/0xa0\n  ? __die_body+0x26/0xa0\n  ? die_addr+0x54/0x90\n  ? exc_general_protection+0x24b/0x5c0\n  ? asm_exc_general_protection+0x26/0x30\n  ? kthread_stop+0x46/0x390\n  f2fs_stop_gc_thread+0x6c/0x110\n  f2fs_do_shutdown+0x309/0x3a0\n  f2fs_ioc_shutdown+0x150/0x1c0\n  __f2fs_ioctl+0xffd/0x2ac0\n  f2fs_ioctl+0x76/0xe0\n  vfs_ioctl+0x23/0x60\n  __x64_sys_ioctl+0xce/0xf0\n  x64_sys_call+0x2b1b/0x4540\n  do_syscall_64+0xa7/0x240\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is a race condition in f2fs_stop_gc_thread() called from\ndifferent f2fs shutdown paths:\n\n  [CPU0]                       [CPU1]\n  ----------------------       -----------------------\n  f2fs_stop_gc_thread          f2fs_stop_gc_thread\n                                 gc_th = sbi-\u003egc_thread\n    gc_th = sbi-\u003egc_thread\n    kfree(gc_th)\n    sbi-\u003egc_thread = NULL\n                                 \u003c gc_th != NULL \u003e\n                                 kthread_stop(gc_th-\u003ef2fs_gc_task) //UAF\n\nThe commit c7f114d864ac (\"f2fs: fix to avoid use-after-free in\nf2fs_stop_gc_thread()\") attempted to fix this issue by using a read\nsemaphore to prevent races between shutdown and remount threads, but\nit fails to prevent all race conditions.\n\nFix it by converting to write lock of s_umount in f2fs_do_shutdown().",
  "id": "GHSA-3gqx-rv8x-9m5c",
  "modified": "2025-02-11T18:31:22Z",
  "published": "2024-12-27T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53218"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/60457ed6c67625c87861f96912b4179dc2293896"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/794fa8792d4eacac191f1cbcc2e81b7369e4662a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b0033dbc48340a1c1c3f12448ba17d6587ca092"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c631207897a9b3d41167ceca58e07f8f94720e42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GR3-G4VV-XF2R

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14
VLAI
Details

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-3gr3-g4vv-xf2r",
  "modified": "2022-05-24T17:14:05Z",
  "published": "2022-05-24T17:14:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6423"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1043446"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4714"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GR5-MVFP-P295

Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2025-05-22 15:34
VLAI
Details

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-26T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-3gr5-mvfp-p295",
  "modified": "2025-05-22T15:34:42Z",
  "published": "2022-09-27T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2857"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1338135"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/40060030"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GRJ-6WJ3-QGC3

Vulnerability from github – Published: 2022-05-14 03:54 – Updated: 2022-05-14 03:54
VLAI
Details

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-20T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-3grj-6wj3-qgc3",
  "modified": "2022-05-14T03:54:32Z",
  "published": "2022-05-14T03:54:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3083"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1439"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201707-15"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99023"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038655"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.