CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-5X29-FWCC-JM29
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.
{
"affected": [],
"aliases": [
"CVE-2021-36081"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-01T03:15:00Z",
"severity": "HIGH"
},
"details": "Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.",
"id": "GHSA-5x29-fwcc-jm29",
"modified": "2022-05-24T19:06:45Z",
"published": "2022-05-24T19:06:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36081"
},
{
"type": "WEB",
"url": "https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698"
},
{
"type": "WEB",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5X2R-RGF5-P2PP
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Memory corruption while handling file descriptor during listener registration/de-registration.
{
"affected": [],
"aliases": [
"CVE-2024-43066"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:48Z",
"severity": "HIGH"
},
"details": "Memory corruption while handling file descriptor during listener registration/de-registration.",
"id": "GHSA-5x2r-rgf5-p2pp",
"modified": "2025-04-07T12:33:17Z",
"published": "2025-04-07T12:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43066"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X56-7CPG-238G
Vulnerability from github – Published: 2023-12-19 15:30 – Updated: 2023-12-22 12:31A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
{
"affected": [],
"aliases": [
"CVE-2023-6862"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-19T14:15:07Z",
"severity": "HIGH"
},
"details": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.",
"id": "GHSA-5x56-7cpg-238g",
"modified": "2023-12-22T12:31:46Z",
"published": "2023-12-19T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6862"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5581"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5582"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-54"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-55"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X6F-VHCG-X3VX
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-54906"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:16:02Z",
"severity": "HIGH"
},
"details": "Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-5x6f-vhcg-x3vx",
"modified": "2025-09-09T18:31:22Z",
"published": "2025-09-09T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54906"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X8J-6M8P-FVGX
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.
{
"affected": [],
"aliases": [
"CVE-2022-50087"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:37Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails\n\nWhen scpi probe fails, at any point, we need to ensure that the scpi_info\nis not set and will remain NULL until the probe succeeds. If it is not\ntaken care, then it could result use-after-free as the value is exported\nvia get_scpi_ops() and could refer to a memory allocated via devm_kzalloc()\nbut freed when the probe fails.",
"id": "GHSA-5x8j-6m8p-fvgx",
"modified": "2025-11-18T03:31:13Z",
"published": "2025-06-18T12:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50087"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08272646cd7c310642c39b7f54348fddd7987643"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c29e149b6bb498778ed8a1c9597b51acfba7856"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18048cba444a7c41dbf42c180d6b46606fc24c51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f2d7b46d6b53c07f44a4f8f8f4438888f0e9e87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/689640efc0a2c4e07e6f88affe6d42cd40cc3f85"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87c4896d5dd7fd9927c814cf3c6289f41de3b562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XG5-FFCR-C2CC
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-08-19 18:32In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client instance uninstall process, but acceletion engine device uninstall process still use it to trace runtime information. This causes a use after free problem.
So fixes it by check the instance register state to avoid use after free.
{
"affected": [],
"aliases": [
"CVE-2021-47596"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T15:15:54Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix use-after-free bug in hclgevf_send_mbx_msg\n\nCurrently, the hns3_remove function firstly uninstall client instance,\nand then uninstall acceletion engine device. The netdevice is freed in\nclient instance uninstall process, but acceletion engine device uninstall\nprocess still use it to trace runtime information. This causes a use after\nfree problem.\n\nSo fixes it by check the instance register state to avoid use after free.",
"id": "GHSA-5xg5-ffcr-c2cc",
"modified": "2024-08-19T18:32:03Z",
"published": "2024-06-19T15:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47596"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XH4-H2PM-54MV
Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 03:31Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-14403"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T23:16:48Z",
"severity": "HIGH"
},
"details": "Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-5xh4-h2pm-54mv",
"modified": "2026-07-02T03:31:26Z",
"published": "2026-07-02T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14403"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513298483"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XH9-FG67-82M2
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.
{
"affected": [],
"aliases": [
"CVE-2021-33453"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.",
"id": "GHSA-5xh9-fg67-82m2",
"modified": "2022-08-03T00:00:58Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33453"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/199"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XHV-W67W-545F
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
{
"affected": [],
"aliases": [
"CVE-2017-5380"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"id": "GHSA-5xhv-w67w-545f",
"modified": "2025-11-25T18:32:07Z",
"published": "2022-05-14T03:10:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5380"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95769"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XJJ-CF5G-659H
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
{
"affected": [],
"aliases": [
"CVE-2021-33468"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.",
"id": "GHSA-5xjj-cf5g-659h",
"modified": "2022-07-29T00:00:33Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33468"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/162"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.