Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-5X29-FWCC-JM29

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-01T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.",
  "id": "GHSA-5x29-fwcc-jm29",
  "modified": "2022-05-24T19:06:45Z",
  "published": "2022-05-24T19:06:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36081"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5X2R-RGF5-P2PP

Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33
VLAI
Details

Memory corruption while handling file descriptor during listener registration/de-registration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T11:15:48Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while handling file descriptor during listener registration/de-registration.",
  "id": "GHSA-5x2r-rgf5-p2pp",
  "modified": "2025-04-07T12:33:17Z",
  "published": "2025-04-07T12:33:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43066"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5X56-7CPG-238G

Vulnerability from github – Published: 2023-12-19 15:30 – Updated: 2023-12-22 12:31
VLAI
Details

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-19T14:15:07Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free was identified in the `nsDNSService::Init`.  This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR \u003c 115.6 and Thunderbird \u003c 115.6.",
  "id": "GHSA-5x56-7cpg-238g",
  "modified": "2023-12-22T12:31:46Z",
  "published": "2023-12-19T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6862"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-10"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5581"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5582"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-54"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-55"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5X6F-VHCG-X3VX

Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31
VLAI
Details

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T17:16:02Z",
    "severity": "HIGH"
  },
  "details": "Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-5x6f-vhcg-x3vx",
  "modified": "2025-09-09T18:31:22Z",
  "published": "2025-09-09T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54906"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54906"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5X8J-6M8P-FVGX

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:37Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails\n\nWhen scpi probe fails, at any point, we need to ensure that the scpi_info\nis not set and will remain NULL until the probe succeeds. If it is not\ntaken care, then it could result use-after-free as the value is exported\nvia get_scpi_ops() and could refer to a memory allocated via devm_kzalloc()\nbut freed when the probe fails.",
  "id": "GHSA-5x8j-6m8p-fvgx",
  "modified": "2025-11-18T03:31:13Z",
  "published": "2025-06-18T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50087"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08272646cd7c310642c39b7f54348fddd7987643"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c29e149b6bb498778ed8a1c9597b51acfba7856"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18048cba444a7c41dbf42c180d6b46606fc24c51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f2d7b46d6b53c07f44a4f8f8f4438888f0e9e87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/689640efc0a2c4e07e6f88affe6d42cd40cc3f85"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87c4896d5dd7fd9927c814cf3c6289f41de3b562"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XG5-FFCR-C2CC

Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-08-19 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg

Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client instance uninstall process, but acceletion engine device uninstall process still use it to trace runtime information. This causes a use after free problem.

So fixes it by check the instance register state to avoid use after free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T15:15:54Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix use-after-free bug in hclgevf_send_mbx_msg\n\nCurrently, the hns3_remove function firstly uninstall client instance,\nand then uninstall acceletion engine device. The netdevice is freed in\nclient instance uninstall process, but acceletion engine device uninstall\nprocess still use it to trace runtime information. This causes a use after\nfree problem.\n\nSo fixes it by check the instance register state to avoid use after free.",
  "id": "GHSA-5xg5-ffcr-c2cc",
  "modified": "2024-08-19T18:32:03Z",
  "published": "2024-06-19T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47596"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XH4-H2PM-54MV

Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 03:31
VLAI
Details

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T23:16:48Z",
    "severity": "HIGH"
  },
  "details": "Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)",
  "id": "GHSA-5xh4-h2pm-54mv",
  "modified": "2026-07-02T03:31:26Z",
  "published": "2026-07-02T00:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14403"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/513298483"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XH9-FG67-82M2

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00
VLAI
Details

An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.",
  "id": "GHSA-5xh9-fg67-82m2",
  "modified": "2022-08-03T00:00:58Z",
  "published": "2022-07-27T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33453"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ckolivas/lrzip/issues/199"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XHV-W67W-545F

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32
VLAI
Details

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5380"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
  "id": "GHSA-5xhv-w67w-545f",
  "modified": "2025-11-25T18:32:07Z",
  "published": "2022-05-14T03:10:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5380"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-13"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-22"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3771"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3832"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-01"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-02"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-03"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95769"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037693"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XJJ-CF5G-659H

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00
VLAI
Details

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.",
  "id": "GHSA-5xjj-cf5g-659h",
  "modified": "2022-07-29T00:00:33Z",
  "published": "2022-07-27T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33468"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yasm/yasm/issues/162"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.