CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-8CJF-6CCP-MXF7
Vulnerability from github – Published: 2026-07-09 00:31 – Updated: 2026-07-09 12:30Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-15112"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T23:16:52Z",
"severity": "HIGH"
},
"details": "Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-8cjf-6ccp-mxf7",
"modified": "2026-07-09T12:30:26Z",
"published": "2026-07-09T00:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15112"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/518006275"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CJP-PFR2-HJWJ
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2025-11-03 21:30A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
{
"affected": [],
"aliases": [
"CVE-2021-42384"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-15T21:15:00Z",
"severity": "HIGH"
},
"details": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function",
"id": "GHSA-8cjp-pfr2-hjwj",
"modified": "2025-11-03T21:30:35Z",
"published": "2022-05-24T19:20:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42384"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
},
{
"type": "WEB",
"url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211223-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CM5-G2J6-FH65
Vulnerability from github – Published: 2023-09-07 15:30 – Updated: 2024-04-04 07:32Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-43753"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-07T13:15:08Z",
"severity": "HIGH"
},
"details": "Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-8cm5-g2j6-fh65",
"modified": "2024-04-04T07:32:51Z",
"published": "2023-09-07T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43753"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/lightroom/apsb21-119.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CPX-R29V-JX66
Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-11657"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T00:16:48Z",
"severity": "HIGH"
},
"details": "Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-8cpx-r29v-jx66",
"modified": "2026-06-09T03:31:39Z",
"published": "2026-06-09T00:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11657"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513465272"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CV3-RQQW-VW5M
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2023-02-01 21:30ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.
{
"affected": [],
"aliases": [
"CVE-2019-3994"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-17T22:15:00Z",
"severity": "MODERATE"
},
"details": "ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.",
"id": "GHSA-8cv3-rqqw-vw5m",
"modified": "2023-02-01T21:30:23Z",
"published": "2022-05-24T17:03:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3994"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2019-53"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CWM-XPR3-W5V6
Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-12 00:00Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-27800"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T18:15:00Z",
"severity": "HIGH"
},
"details": "Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-8cwm-xpr3-w5v6",
"modified": "2022-05-12T00:00:47Z",
"published": "2022-05-12T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27800"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CXJ-R9Q9-5953
Vulnerability from github – Published: 2025-08-27 00:31 – Updated: 2025-08-27 15:33In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-22405"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T23:15:33Z",
"severity": "HIGH"
},
"details": "In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-8cxj-r9q9-5953",
"modified": "2025-08-27T15:33:15Z",
"published": "2025-08-27T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22405"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/806774b1cf641e0c0e7df8024e327febf23d7d7c"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8F24-6M29-WM2R
Vulnerability from github – Published: 2024-01-17 20:32 – Updated: 2024-01-17 20:32The implementation of the [Instrumented::into_inner] method in affected versions of this crate contains undefined behavior due to incorrect use of [std::mem::forget] The function creates *const pointers to self, calls [mem::forget(self)][std::mem::forget], and then moves values out of those pointers using [std::ptr::read].
// To manually destructure `Instrumented` without `Drop`, we
// move it into a ManuallyDrop and use pointers to its fields
let span: *const Span = &this.span;
let inner: *const ManuallyDrop<T> = &this.inner;
mem::forget(self);
// SAFETY: Those pointers are valid for reads, because `Drop` didn't
// run, and properly aligned, because `Instrumented` isn't
// `#[repr(packed)]`.
let _span = unsafe { span.read() };
let inner = unsafe { inner.read() };
However, the [mem::forget documentation][std::mem::forget] states:
Any resources the value manages, such as heap memory or a file handle, will linger forever in an unreachable state. However, it does not guarantee that pointers to this memory will remain valid.
This means that these pointers are no longer valid. This could result in a stack use-after-free if LLVM chooses to reuse self's stack slot for a rebinding after the call to [std::mem::forget].
This undefined behavior has not been observed to cause miscompilation as of Rust 1.73.0. However, any use of this method with the affected versions of tracing are unsound.
The flaw was corrected in commit 20a1762 (PR #2765) by replacing the use of [std::mem::forget] with std::mem::ManuallyDrop, ensuring that the stack slot is not reused and the pointers remain valid when they are read. The fix is
published in tracing v0.1.40. Affected versions have been yanked from crates.io.
Thanks to Taylor Cramer and Manish Goregaokar for finding and correcting this issue!
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "tracing"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.38"
},
{
"fixed": "0.1.40"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-17T20:32:35Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The implementation of the [`Instrumented::into_inner`] method in affected versions of this crate contains undefined behavior due to incorrect use of [`std::mem::forget`] The function creates `*const` pointers to `self`, calls [`mem::forget(self)`][`std::mem::forget`], and then moves values out of those pointers using [`std::ptr::read`].\n\n```rust\n// To manually destructure `Instrumented` without `Drop`, we\n// move it into a ManuallyDrop and use pointers to its fields\nlet span: *const Span = \u0026this.span;\nlet inner: *const ManuallyDrop\u003cT\u003e = \u0026this.inner;\nmem::forget(self);\n// SAFETY: Those pointers are valid for reads, because `Drop` didn\u0027t\n// run, and properly aligned, because `Instrumented` isn\u0027t\n// `#[repr(packed)]`.\nlet _span = unsafe { span.read() };\nlet inner = unsafe { inner.read() };\n```\n\nHowever, the [`mem::forget` documentation][`std::mem::forget`] states:\n\n\u003e Any resources the value manages, such as heap memory or a file handle, will\n\u003e linger forever in an unreachable state. **However, it does not guarantee that\n\u003e pointers to this memory will remain valid.**\n\nThis means that these pointers are no longer valid. This could result in a stack use-after-free if LLVM chooses to reuse `self`\u0027s stack slot for a rebinding after the call to [`std::mem::forget`].\n\nThis undefined behavior has not been observed to cause miscompilation as of Rust 1.73.0. However, any use of this method with the affected versions of `tracing` are unsound.\n\nThe flaw was corrected in commit [20a1762] ([PR #2765]) by replacing the use of [`std::mem::forget`] with `std::mem::ManuallyDrop`, ensuring that the stack slot is not reused and the pointers remain valid when they are read. The fix is\npublished in `tracing` [v0.1.40]. Affected versions have been yanked from crates.io.\n\nThanks to [Taylor Cramer] and [Manish Goregaokar] for finding and correcting\nthis issue!\n\n[`Instrumented::into_inner`]:\n https://docs.rs/tracing/latest/tracing/instrument/struct.Instrumented.html#method.into_inner\n[`std::mem::forget`]: https://doc.rust-lang.org/std/mem/fn.forget.html\n[`std::ptr::read`]:\n https://doc.rust-lang.org/std/primitive.pointer.html#method.read-1\n[20a1762]:\n https://github.com/tokio-rs/tracing/commit/20a1762b3fd5f1fafead198fd18e469c68683721\n[PR #2765]: https://github.com/tokio-rs/tracing/pull/2765\n[v0.1.40]: https://crates.io/crates/tracing/0.1.40\n[Taylor Cramer]: https://github.com/cramertj\n[Manish Goregaokar]: https://github.com/manishearth\n",
"id": "GHSA-8f24-6m29-wm2r",
"modified": "2024-01-17T20:32:35Z",
"published": "2024-01-17T20:32:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tokio-rs/tracing/pull/2765"
},
{
"type": "WEB",
"url": "https://github.com/tokio-rs/tracing/commit/20a1762b3fd5f1fafead198fd18e469c68683721"
},
{
"type": "PACKAGE",
"url": "https://github.com/tokio-rs/tracing"
},
{
"type": "WEB",
"url": "https://github.com/tokio-rs/tracing/releases/tag/tracing-0.1.40"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0078.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "use-after-free in tracing "
}
GHSA-8F25-GJR3-MJJG
Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-07-19 15:31Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-3169"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T23:15:23Z",
"severity": "HIGH"
},
"details": "Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-8f25-gjr3-mjjg",
"modified": "2024-07-19T15:31:47Z",
"published": "2024-07-17T00:32:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3169"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/41491234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8F37-RVXV-PH9H
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2024-11-27 21:32This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543.
{
"affected": [],
"aliases": [
"CVE-2022-42408"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T18:59:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543.",
"id": "GHSA-8f37-rvxv-ph9h",
"modified": "2024-11-27T21:32:38Z",
"published": "2023-01-26T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42408"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1366"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.