Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

GHSA-89MF-4CG3-W93V

Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2025-12-07 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm80xx: Set phy->enable_completion only when we wait for it

pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T15:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
  "id": "GHSA-89mf-4cg3-w93v",
  "modified": "2025-12-07T00:30:55Z",
  "published": "2024-10-09T15:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47666"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89QQ-XM3R-9XGV

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571.",
  "id": "GHSA-89qq-xm3r-9xgv",
  "modified": "2022-05-13T01:31:37Z",
  "published": "2022-05-13T01:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9967"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-351"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89V2-8RJ2-3464

Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-10-16 21:31
VLAI
Details

Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-15T21:15:12Z",
    "severity": "HIGH"
  },
  "details": "Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-89v2-8rj2-3464",
  "modified": "2024-10-16T21:31:09Z",
  "published": "2024-10-15T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9961"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/357776197"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89VH-WWVW-XXH6

Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2023-01-26 15:30
VLAI
Details

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-09T01:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017.",
  "id": "GHSA-89vh-wwvw-xxh6",
  "modified": "2023-01-26T15:30:32Z",
  "published": "2022-05-17T03:02:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1031"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/85926"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89VP-6C77-3JR6

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:19Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-89vp-6c77-3jr6",
  "modified": "2026-05-12T18:30:46Z",
  "published": "2026-05-12T18:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40418"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40418"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89X9-FP8H-WM3W

Vulnerability from github – Published: 2025-09-18 15:30 – Updated: 2025-12-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mlx5: fix possible ptp queue fifo use-after-free

Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARN_ON_ONCE covers future cases.

There were out-of-order cqe spotted which lead to drain of the queue and use-after-free because of lack of fifo pointers check. Special check and counter are added to avoid resync operation if SKB could not exist in the fifo because of OOO cqe (skb_id must be between consumer and producer index).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53398"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlx5: fix possible ptp queue fifo use-after-free\n\nFifo indexes are not checked during pop operations and it leads to\npotential use-after-free when poping from empty queue. Such case was\npossible during re-sync action. WARN_ON_ONCE covers future cases.\n\nThere were out-of-order cqe spotted which lead to drain of the queue and\nuse-after-free because of lack of fifo pointers check. Special check and\ncounter are added to avoid resync operation if SKB could not exist in the\nfifo because of OOO cqe (skb_id must be between consumer and producer\nindex).",
  "id": "GHSA-89x9-fp8h-wm3w",
  "modified": "2025-12-12T21:31:31Z",
  "published": "2025-09-18T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53398"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a50cf1e8e5157b82268eee7e330dbe5736a0948"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6afdedc4e66e3846ce497744f01b95c34bf39d21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8C2H-4VMR-78G7

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-09T06:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-8c2h-4vmr-78g7",
  "modified": "2022-05-13T01:06:32Z",
  "published": "2022-05-13T01:06:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11215"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3222"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-13"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101837"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8C3F-97RX-RMCP

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:16:53Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-8c3f-97rx-rmcp",
  "modified": "2026-07-01T15:35:00Z",
  "published": "2026-07-01T00:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13788"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/523119897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8C4W-J52Q-J4JQ

Vulnerability from github – Published: 2025-07-10 15:31 – Updated: 2026-05-12 15:30
VLAI
Details

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T14:15:27Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
  "id": "GHSA-8c4w-j52q-j4jq",
  "modified": "2026-05-12T15:30:57Z",
  "published": "2025-07-10T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:14858"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:15308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:15672"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:15827"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:15828"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:18219"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21885"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21913"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:0934"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:11503"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2025:12345"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:12447"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:12450"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13267"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13311"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13312"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13313"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13314"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13335"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13464"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:13622"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:14059"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:14396"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:14818"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:14819"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:14853"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/11/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8C5R-55P8-8P8M

Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2026-04-02 21:31
VLAI
Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.",
  "id": "GHSA-8c5r-55p8-8p8m",
  "modified": "2026-04-02T21:31:59Z",
  "published": "2024-10-28T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44285"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121563"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121564"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121565"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121566"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121569"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/16"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.