CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-8W73-5H5M-J4F4
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-30576"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-03T20:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-8w73-5h5m-j4f4",
"modified": "2022-05-24T19:09:43Z",
"published": "2022-05-24T19:09:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30576"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1194896"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8WC2-54GH-PQ44
Vulnerability from github – Published: 2025-02-25 21:31 – Updated: 2025-02-25 21:31Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
{
"affected": [],
"aliases": [
"CVE-2024-27239"
],
"database_specific": {
"cwe_ids": [
"CWE-369",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-25T21:15:14Z",
"severity": "MODERATE"
},
"details": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.",
"id": "GHSA-8wc2-54gh-pq44",
"modified": "2025-02-25T21:31:44Z",
"published": "2025-02-25T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27239"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8WC2-723Q-HF3G
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: 6fire: fix use-after-free on disconnect
In usb6fire_chip_abort(), the chip struct is allocated as the card's private data (via snd_card_new with sizeof(struct sfire_chip)). When snd_card_free_when_closed() is called and no file handles are open, the card and embedded chip are freed synchronously. The subsequent chip->card = NULL write then hits freed slab memory.
Call trace: usb6fire_chip_abort sound/usb/6fire/chip.c:59 [inline] usb6fire_chip_disconnect+0x348/0x358 sound/usb/6fire/chip.c:182 usb_unbind_interface+0x1a8/0x88c drivers/usb/core/driver.c:458 ... hub_event+0x1a04/0x4518 drivers/usb/core/hub.c:5953
Fix by moving the card lifecycle out of usb6fire_chip_abort() and into usb6fire_chip_disconnect(). The card pointer is saved in a local before any teardown, snd_card_disconnect() is called first to prevent new opens, URBs are aborted while chip is still valid, and snd_card_free_when_closed() is called last so chip is never accessed after the card may be freed.
{
"affected": [],
"aliases": [
"CVE-2026-31581"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:32Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: fix use-after-free on disconnect\n\nIn usb6fire_chip_abort(), the chip struct is allocated as the card\u0027s\nprivate data (via snd_card_new with sizeof(struct sfire_chip)). When\nsnd_card_free_when_closed() is called and no file handles are open, the\ncard and embedded chip are freed synchronously. The subsequent\nchip-\u003ecard = NULL write then hits freed slab memory.\n\nCall trace:\n usb6fire_chip_abort sound/usb/6fire/chip.c:59 [inline]\n usb6fire_chip_disconnect+0x348/0x358 sound/usb/6fire/chip.c:182\n usb_unbind_interface+0x1a8/0x88c drivers/usb/core/driver.c:458\n ...\n hub_event+0x1a04/0x4518 drivers/usb/core/hub.c:5953\n\nFix by moving the card lifecycle out of usb6fire_chip_abort() and into\nusb6fire_chip_disconnect(). The card pointer is saved in a local\nbefore any teardown, snd_card_disconnect() is called first to prevent\nnew opens, URBs are aborted while chip is still valid, and\nsnd_card_free_when_closed() is called last so chip is never accessed\nafter the card may be freed.",
"id": "GHSA-8wc2-723q-hf3g",
"modified": "2026-06-01T18:31:25Z",
"published": "2026-04-24T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31581"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3dc20d1981d6a67d8184498a5da272942dde1e65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/51f6532790b74ffdd6970bc848358a2838c1c185"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af75b486f7e883e3422ece23c8d727e6815144a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9c826916fdce6419b94eb0cd8810fdac18c2386"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ba88461f7653636c48321ca993006a74724c2f41"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d21e8a2af4869b5890b34e081d5aeadc93e9cd5c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e247a0e01d15ed420f77ec5e2335721bf430a5b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e719232f4552e29de8027a83918ea94434be87af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e88354b381e2006de63d6b052ed7005c9a47d00e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WFH-QXXV-3Q8C
Vulnerability from github – Published: 2023-07-26 12:30 – Updated: 2023-07-31 19:01Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "paddlepaddle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-38669"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-26T22:30:22Z",
"nvd_published_at": "2023-07-26T10:15:11Z",
"severity": "HIGH"
},
"details": "Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.\n",
"id": "GHSA-8wfh-qxxv-3q8c",
"modified": "2023-07-31T19:01:32Z",
"published": "2023-07-26T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38669"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/commit/43981874f5e1683b855eab871092fa9be58d6a44"
},
{
"type": "PACKAGE",
"url": "https://github.com/PaddlePaddle/Paddle"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2023-122.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free in PaddlePaddle"
}
GHSA-8WHC-587X-J3FM
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
{
"affected": [],
"aliases": [
"CVE-2020-18897"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-19T22:15:00Z",
"severity": "HIGH"
},
"details": "An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.",
"id": "GHSA-8whc-587x-j3fm",
"modified": "2022-05-24T19:11:50Z",
"published": "2022-05-24T19:11:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18897"
},
{
"type": "WEB",
"url": "https://github.com/libyal/libpff/issues/61"
},
{
"type": "WEB",
"url": "https://github.com/libyal/libpff/issues/62"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8WP6-6WH9-VFQP
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6532"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-21T20:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-8wp6-6wh9-vfqp",
"modified": "2022-05-24T17:29:05Z",
"published": "2022-05-24T17:29:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6532"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1104061"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8WPX-GVVH-8RCV
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 18:31Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11080"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:12Z",
"severity": "HIGH"
},
"details": "Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-8wpx-gvvh-8rcv",
"modified": "2026-06-05T18:31:34Z",
"published": "2026-06-05T00:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11080"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/500032538"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WQM-P249-4R57
Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-03 12:00Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2022-3657"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T23:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium)",
"id": "GHSA-8wqm-p249-4r57",
"modified": "2022-11-03T12:00:32Z",
"published": "2022-11-02T12:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3657"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1351177"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WQR-J2G8-C494
Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2022-05-14 03:56WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
{
"affected": [],
"aliases": [
"CVE-2016-5171"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-25T20:59:00Z",
"severity": "HIGH"
},
"details": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.",
"id": "GHSA-8wqr-j2g8-c494",
"modified": "2022-05-14T03:56:53Z",
"published": "2022-05-14T03:56:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/2306023002"
},
{
"type": "WEB",
"url": "https://crbug.com/643357"
},
{
"type": "WEB",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036826"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WR4-7FJQ-4QXW
Vulnerability from github – Published: 2022-05-14 01:15 – Updated: 2022-05-14 01:15A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
{
"affected": [],
"aliases": [
"CVE-2018-0491"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-05T15:29:00Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.",
"id": "GHSA-8wr4-7fjq-4qxw",
"modified": "2022-05-14T01:15:18Z",
"published": "2022-05-14T01:15:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0491"
},
{
"type": "WEB",
"url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915"
},
{
"type": "WEB",
"url": "https://trac.torproject.org/projects/tor/ticket/24700"
},
{
"type": "WEB",
"url": "https://trac.torproject.org/projects/tor/ticket/25117"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44994"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.