CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9813 vulnerabilities reference this CWE, most recent first.
GHSA-89MF-4CG3-W93V
Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2025-12-07 00:30In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Set phy->enable_completion only when we wait for it
pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.
{
"affected": [],
"aliases": [
"CVE-2024-47666"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-09T15:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late. After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
"id": "GHSA-89mf-4cg3-w93v",
"modified": "2025-12-07T00:30:55Z",
"published": "2024-10-09T15:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47666"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89QQ-XM3R-9XGV
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571.
{
"affected": [],
"aliases": [
"CVE-2018-9967"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T15:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571.",
"id": "GHSA-89qq-xm3r-9xgv",
"modified": "2022-05-13T01:31:37Z",
"published": "2022-05-13T01:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9967"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-351"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89V2-8RJ2-3464
Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-10-16 21:31Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2024-9961"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T21:15:12Z",
"severity": "HIGH"
},
"details": "Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-89v2-8rj2-3464",
"modified": "2024-10-16T21:31:09Z",
"published": "2024-10-15T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9961"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/357776197"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89VH-WWVW-XXH6
Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2023-01-26 15:30Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.
{
"affected": [],
"aliases": [
"CVE-2016-1031"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-04-09T01:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.",
"id": "GHSA-89vh-wwvw-xxh6",
"modified": "2023-01-26T15:30:32Z",
"published": "2022-05-17T03:02:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1031"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/85926"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89VP-6C77-3JR6
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-40418"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:19Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-89vp-6c77-3jr6",
"modified": "2026-05-12T18:30:46Z",
"published": "2026-05-12T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40418"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40418"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89X9-FP8H-WM3W
Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31In the Linux kernel, the following vulnerability has been resolved:
mlx5: fix possible ptp queue fifo use-after-free
Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARN_ON_ONCE covers future cases.
There were out-of-order cqe spotted which lead to drain of the queue and use-after-free because of lack of fifo pointers check. Special check and counter are added to avoid resync operation if SKB could not exist in the fifo because of OOO cqe (skb_id must be between consumer and producer index).
{
"affected": [],
"aliases": [
"CVE-2023-53398"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T14:15:43Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlx5: fix possible ptp queue fifo use-after-free\n\nFifo indexes are not checked during pop operations and it leads to\npotential use-after-free when poping from empty queue. Such case was\npossible during re-sync action. WARN_ON_ONCE covers future cases.\n\nThere were out-of-order cqe spotted which lead to drain of the queue and\nuse-after-free because of lack of fifo pointers check. Special check and\ncounter are added to avoid resync operation if SKB could not exist in the\nfifo because of OOO cqe (skb_id must be between consumer and producer\nindex).",
"id": "GHSA-89x9-fp8h-wm3w",
"modified": "2025-12-12T21:31:31Z",
"published": "2025-09-18T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53398"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3a50cf1e8e5157b82268eee7e330dbe5736a0948"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6afdedc4e66e3846ce497744f01b95c34bf39d21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C2H-4VMR-78G7
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-11215"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-09T06:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-8c2h-4vmr-78g7",
"modified": "2022-05-13T01:06:32Z",
"published": "2022-05-13T01:06:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11215"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3222"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-13"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101837"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039778"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C3F-97RX-RMCP
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-13788"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:16:53Z",
"severity": "HIGH"
},
"details": "Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-8c3f-97rx-rmcp",
"modified": "2026-07-01T15:35:00Z",
"published": "2026-07-01T00:34:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13788"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/523119897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C4W-J52Q-J4JQ
Vulnerability from github – Published: 2025-07-10 15:31 – Updated: 2026-05-12 15:30A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
{
"affected": [],
"aliases": [
"CVE-2025-7425"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T14:15:27Z",
"severity": "HIGH"
},
"details": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"id": "GHSA-8c4w-j52q-j4jq",
"modified": "2026-05-12T15:30:57Z",
"published": "2025-07-10T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15827"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15828"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:18219"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21885"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21913"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11503"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2025:12345"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:12447"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:12450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13267"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13308"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13309"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13310"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13311"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13312"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13313"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13314"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13335"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13464"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13622"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14396"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/30"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/35"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/37"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C5R-55P8-8P8M
Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2026-04-02 21:31A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
{
"affected": [],
"aliases": [
"CVE-2024-44285"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T21:15:08Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.",
"id": "GHSA-8c5r-55p8-8p8m",
"modified": "2026-04-02T21:31:59Z",
"published": "2024-10-28T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44285"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121563"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121564"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121565"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121566"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121569"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.