Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-8P2W-C42W-3MFV

Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30
VLAI
Details

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33108"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T06:15:11Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.",
  "id": "GHSA-8p2w-c42w-3mfv",
  "modified": "2024-01-02T06:30:31Z",
  "published": "2024-01-02T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33108"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P55-C2P4-C8HP

Vulnerability from github – Published: 2024-10-07 15:31 – Updated: 2024-10-07 15:31
VLAI
Details

Memory corruption while processing user packets to generate page faults.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-07T13:15:14Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while processing user packets to generate page faults.",
  "id": "GHSA-8p55-c2p4-c8hp",
  "modified": "2024-10-07T15:31:39Z",
  "published": "2024-10-07T15:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38399"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P56-6Q52-JGV2

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: use quiesced elevator switch when reinitializing queues

The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below). Use the quiesced elevator switch instead, and make the previous one static since it is now only used locally.

nvme nvme0: resetting controller nvme nvme0: 32/0/0 default/read/poll queues BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 80000020c8861067 P4D 80000020c8861067 PUD 250f8c8067 PMD 0 Oops: 0000 [#1] SMP PTI Workqueue: kblockd blk_mq_run_work_fn RIP: 0010:kyber_has_work+0x29/0x70

...

Call Trace: __blk_mq_do_dispatch_sched+0x83/0x2b0 __blk_mq_sched_dispatch_requests+0x12e/0x170 blk_mq_sched_dispatch_requests+0x30/0x60 __blk_mq_run_hw_queue+0x2b/0x50 process_one_work+0x1ef/0x380 worker_thread+0x2d/0x3e0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:41Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: use quiesced elevator switch when reinitializing queues\n\nThe hctx\u0027s run_work may be racing with the elevator switch when\nreinitializing hardware queues. The queue is merely frozen in this\ncontext, but that only prevents requests from allocating and doesn\u0027t\nstop the hctx work from running. The work may get an elevator pointer\nthat\u0027s being torn down, and can result in use-after-free errors and\nkernel panics (example below). Use the quiesced elevator switch instead,\nand make the previous one static since it is now only used locally.\n\n  nvme nvme0: resetting controller\n  nvme nvme0: 32/0/0 default/read/poll queues\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 80000020c8861067 P4D 80000020c8861067 PUD 250f8c8067 PMD 0\n  Oops: 0000 [#1] SMP PTI\n  Workqueue: kblockd blk_mq_run_work_fn\n  RIP: 0010:kyber_has_work+0x29/0x70\n\n...\n\n  Call Trace:\n   __blk_mq_do_dispatch_sched+0x83/0x2b0\n   __blk_mq_sched_dispatch_requests+0x12e/0x170\n   blk_mq_sched_dispatch_requests+0x30/0x60\n   __blk_mq_run_hw_queue+0x2b/0x50\n   process_one_work+0x1ef/0x380\n   worker_thread+0x2d/0x3e0",
  "id": "GHSA-8p56-6q52-jgv2",
  "modified": "2026-06-01T18:31:21Z",
  "published": "2025-10-07T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50552"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f90015383cd3f1128bebfbe7a97122d97808046"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8237c01f1696bc53c470493bf1fe092a107648a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9646443f28f33ec545ae303e613c3f476fad4dc1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c478b3b2900f1834cf9eda5bfef0d5696099505d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P58-276H-XQQ5

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-01-06 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/reg_sr: Remove register pool

That pool implementation doesn't really work: if the krealloc happens to move the memory and return another address, the entries in the xarray become invalid, leading to use-after-free later:

BUG: KASAN: slab-use-after-free in xe_reg_sr_apply_mmio+0x570/0x760 [xe]
Read of size 4 at addr ffff8881244b2590 by task modprobe/2753

Allocated by task 2753:
 kasan_save_stack+0x39/0x70
 kasan_save_track+0x14/0x40
 kasan_save_alloc_info+0x37/0x60
 __kasan_kmalloc+0xc3/0xd0
 __kmalloc_node_track_caller_noprof+0x200/0x6d0
 krealloc_noprof+0x229/0x380

Simplify the code to fix the bug. A better pooling strategy may be added back later if needed.

(cherry picked from commit e5283bd4dfecbd3335f43b62a68e24dae23f59e4)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56652"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/reg_sr: Remove register pool\n\nThat pool implementation doesn\u0027t really work: if the krealloc happens to\nmove the memory and return another address, the entries in the xarray\nbecome invalid, leading to use-after-free later:\n\n\tBUG: KASAN: slab-use-after-free in xe_reg_sr_apply_mmio+0x570/0x760 [xe]\n\tRead of size 4 at addr ffff8881244b2590 by task modprobe/2753\n\n\tAllocated by task 2753:\n\t kasan_save_stack+0x39/0x70\n\t kasan_save_track+0x14/0x40\n\t kasan_save_alloc_info+0x37/0x60\n\t __kasan_kmalloc+0xc3/0xd0\n\t __kmalloc_node_track_caller_noprof+0x200/0x6d0\n\t krealloc_noprof+0x229/0x380\n\nSimplify the code to fix the bug. A better pooling strategy may be added\nback later if needed.\n\n(cherry picked from commit e5283bd4dfecbd3335f43b62a68e24dae23f59e4)",
  "id": "GHSA-8p58-276h-xqq5",
  "modified": "2025-01-06T21:30:50Z",
  "published": "2024-12-27T15:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56652"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0193a31a0ca5a0f9e60bb4a86537d46b98111b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7b028656c29b22fcde1c6ee1df5b28fbba987b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P74-H597-P9V6

Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-12 00:00
VLAI
Details

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-11T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-8p74-h597-p9v6",
  "modified": "2022-05-12T00:00:41Z",
  "published": "2022-05-12T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27796"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P7H-VJM2-XPWW

Vulnerability from github – Published: 2022-05-17 01:10 – Updated: 2025-04-12 12:57
VLAI
Details

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-12T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK \u0026 Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.",
  "id": "GHSA-8p7h-vjm2-xpww",
  "modified": "2025-04-12T12:57:42Z",
  "published": "2022-05-17T01:10:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0997"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-07"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39613"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/84312"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035251"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P9P-333G-F2CC

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30623"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-03T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-8p9p-333g-f2cc",
  "modified": "2022-05-24T19:12:57Z",
  "published": "2022-05-24T19:12:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30623"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1223667"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8P9R-XRM6-68WQ

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2025-11-04 00:30
VLAI
Details

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-01T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).",
  "id": "GHSA-8p9r-xrm6-68wq",
  "modified": "2025-11-04T00:30:29Z",
  "published": "2022-05-24T19:06:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36084"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250207-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PC7-J27M-5M6C

Vulnerability from github – Published: 2023-07-19 15:30 – Updated: 2024-04-04 06:17
VLAI
Details

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-19T14:15:10Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.",
  "id": "GHSA-8pc7-j27m-5m6c",
  "modified": "2024-04-04T06:17:00Z",
  "published": "2023-07-19T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33876"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PF4-F4W9-6H78

Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2025-05-21 21:31
VLAI
Details

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-26T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-8pf4-f4w9-6h78",
  "modified": "2025-05-21T21:31:08Z",
  "published": "2022-09-27T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3040"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1341539"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202209-23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.