CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9820 vulnerabilities reference this CWE, most recent first.
GHSA-6VPR-2CH7-H948
Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2025-04-20 03:35Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-3047"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-12T14:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine\u0027s annotation-related API. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-6vpr-2ch7-h948",
"modified": "2025-04-20T03:35:56Z",
"published": "2022-05-17T02:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3047"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97550"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VQ9-4G76-FWP8
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2020-11147"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-22T07:15:00Z",
"severity": "MODERATE"
},
"details": "Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",
"id": "GHSA-6vq9-4g76-fwp8",
"modified": "2022-05-24T17:42:43Z",
"published": "2022-05-24T17:42:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11147"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6VQJ-7HPC-PVFJ
Vulnerability from github – Published: 2023-05-03 21:30 – Updated: 2024-04-04 03:47redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.
{
"affected": [],
"aliases": [
"CVE-2020-22429"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-03T20:15:09Z",
"severity": "HIGH"
},
"details": "redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.",
"id": "GHSA-6vqj-7hpc-pvfj",
"modified": "2024-04-04T03:47:16Z",
"published": "2023-05-03T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22429"
},
{
"type": "WEB",
"url": "https://burtonqin.github.io/posts/2023/04/CVE-2020-22429"
},
{
"type": "WEB",
"url": "https://gitlab.redox-os.org/redox-os/relibc/issues/159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VQP-9FHP-H9JW
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subtype property of a Annotation object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6820.
{
"affected": [],
"aliases": [
"CVE-2018-17673"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the subtype property of a Annotation object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6820.",
"id": "GHSA-6vqp-9fhp-h9jw",
"modified": "2022-05-13T01:33:53Z",
"published": "2022-05-13T01:33:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17673"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VR6-9P4M-QV5V
Vulnerability from github – Published: 2022-05-14 03:19 – Updated: 2024-10-21 15:32Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
{
"affected": [],
"aliases": [
"CVE-2016-5274"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-22T22:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird \u003c 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.",
"id": "GHSA-6vr6-9p4m-qv5v",
"modified": "2024-10-21T15:32:16Z",
"published": "2022-05-14T03:19:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5274"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282076"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-86"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-88"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3674"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93049"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036852"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VRV-79WJ-RMVJ
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the mailForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20663.
{
"affected": [],
"aliases": [
"CVE-2023-42040"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:37Z",
"severity": "HIGH"
},
"details": "PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the mailForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20663.",
"id": "GHSA-6vrv-79wj-rmvj",
"modified": "2024-05-03T03:31:00Z",
"published": "2024-05-03T03:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42040"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VW3-QJC8-X8J8
Vulnerability from github – Published: 2023-03-10 12:30 – Updated: 2023-03-14 18:30The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.
{
"affected": [],
"aliases": [
"CVE-2023-22436"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T11:15:00Z",
"severity": "HIGH"
},
"details": "The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.",
"id": "GHSA-6vw3-qjc8-x8j8",
"modified": "2023-03-14T18:30:21Z",
"published": "2023-03-10T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22436"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VW4-WCWF-H6G7
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:54An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-20353"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-10T17:29:00Z",
"severity": "CRITICAL"
},
"details": "An invalid read of 8 bytes due to a use-after-free vulnerability during a \"NULL test\" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.",
"id": "GHSA-6vw4-wcwf-h6g7",
"modified": "2024-04-04T00:54:46Z",
"published": "2022-05-24T16:47:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20353"
},
{
"type": "WEB",
"url": "https://github.com/insi2304/mongoose-6.13-fuzz/blob/master/Simplest_Web_Server_Use_After_Free-read-mg_http_get_proto_data5932.png"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VWF-M72Q-CW8H
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2025-04-17 15:32A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
{
"affected": [],
"aliases": [
"CVE-2018-16840"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-31T18:29:00Z",
"severity": "CRITICAL"
},
"details": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"id": "GHSA-6vwf-m72q-cw8h",
"modified": "2025-04-17T15:32:25Z",
"published": "2022-05-13T01:34:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/CVE-2018-16840.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3805-1"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1042013"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VWM-9RMV-MWWV
Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2024-09-03 18:31In the Linux kernel, the following vulnerability has been resolved:
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference:
CPU0 CPU1
desc = mt_find()
delayed_free_desc(desc)
irq_desc_get_irq(desc)
The use-after-free is reported by KASAN:
Call trace:
irq_get_next_irq+0x58/0x84
show_stat+0x638/0x824
seq_read_iter+0x158/0x4ec
proc_reg_read_iter+0x94/0x12c
vfs_read+0x1e0/0x2c8
Freed by task 4471:
slab_free_freelist_hook+0x174/0x1e0
__kmem_cache_free+0xa4/0x1dc
kfree+0x64/0x128
irq_kobj_release+0x28/0x3c
kobject_put+0xcc/0x1e0
delayed_free_desc+0x14/0x2c
rcu_do_batch+0x214/0x720
Guard the access with a RCU read lock section.
{
"affected": [],
"aliases": [
"CVE-2024-38385"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T15:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()\n\nirq_find_at_or_after() dereferences the interrupt descriptor which is\nreturned by mt_find() while neither holding sparse_irq_lock nor RCU read\nlock, which means the descriptor can be freed between mt_find() and the\ndereference:\n\n CPU0 CPU1\n desc = mt_find()\n delayed_free_desc(desc)\n irq_desc_get_irq(desc)\n\nThe use-after-free is reported by KASAN:\n\n Call trace:\n irq_get_next_irq+0x58/0x84\n show_stat+0x638/0x824\n seq_read_iter+0x158/0x4ec\n proc_reg_read_iter+0x94/0x12c\n vfs_read+0x1e0/0x2c8\n\n Freed by task 4471:\n slab_free_freelist_hook+0x174/0x1e0\n __kmem_cache_free+0xa4/0x1dc\n kfree+0x64/0x128\n irq_kobj_release+0x28/0x3c\n kobject_put+0xcc/0x1e0\n delayed_free_desc+0x14/0x2c\n rcu_do_batch+0x214/0x720\n\nGuard the access with a RCU read lock section.",
"id": "GHSA-6vwm-9rmv-mwwv",
"modified": "2024-09-03T18:31:31Z",
"published": "2024-06-25T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38385"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.