CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-9658-C26V-7QVF
Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-19 16:50An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "yottadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27377"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T16:50:37Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.",
"id": "GHSA-9658-c26v-7qvf",
"modified": "2021-08-19T16:50:37Z",
"published": "2021-08-25T20:55:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27377"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/YottaDB/Lang/YDBRust"
},
{
"type": "WEB",
"url": "https://gitlab.com/YottaDB/Lang/YDBRust/-/issues/40"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use-after-free in yottadb"
}
GHSA-9666-4JM7-QVR8
Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2022-08-20 00:00Use After Free in GitHub repository vim/vim prior to 9.0.0220.
{
"affected": [],
"aliases": [
"CVE-2022-2862"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-17T20:15:00Z",
"severity": "HIGH"
},
"details": "Use After Free in GitHub repository vim/vim prior to 9.0.0220.",
"id": "GHSA-9666-4jm7-qvr8",
"modified": "2022-08-20T00:00:51Z",
"published": "2022-08-18T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2862"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9692-35CP-X87F
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 19:01Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2022-3449"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-09T19:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)",
"id": "GHSA-9692-35cp-x87f",
"modified": "2022-11-10T19:01:09Z",
"published": "2022-11-10T12:01:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3449"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1364662"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-969C-XCR8-6F87
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{
"affected": [],
"aliases": [
"CVE-2020-14351"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-03T17:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-969c-xcr8-6f87",
"modified": "2022-05-24T17:35:07Z",
"published": "2022-05-24T17:35:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14351"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862849"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-96FF-3RWM-724G
Vulnerability from github – Published: 2025-11-05 21:31 – Updated: 2026-03-12 03:31A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.
{
"affected": [],
"aliases": [
"CVE-2023-43000"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-05T19:15:47Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.",
"id": "GHSA-96ff-3rwm-724g",
"modified": "2026-03-12T03:31:05Z",
"published": "2025-11-05T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43000"
},
{
"type": "WEB",
"url": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120324"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120331"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120338"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126632"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96G4-W779-W67G
Vulnerability from github – Published: 2025-06-10 21:31 – Updated: 2025-06-10 21:31Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-43574"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T19:15:32Z",
"severity": "HIGH"
},
"details": "Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-96g4-w779-w67g",
"modified": "2025-06-10T21:31:22Z",
"published": "2025-06-10T21:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43574"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb25-57.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96HG-7P79-GGX2
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-07-15 03:32In the Linux kernel, the following vulnerability has been resolved:
xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'s hlist_del_rcu calls under syzkaller load on linux-6.12.y stable (reproduced on 6.12.47, also reachable via the same code path on torvalds/master and on the ipsec tree). Nine unique signatures cluster in the xfrm_state lifecycle, the load-bearing one being:
BUG: KASAN: slab-use-after-free in __hlist_del include/linux/list.h:990 [inline] BUG: KASAN: slab-use-after-free in hlist_del_rcu include/linux/rculist.h:516 [inline] BUG: KASAN: slab-use-after-free in __xfrm_state_delete net/xfrm/xfrm_state.c Write of size 8 at addr ffff8881198bcb70 by task kworker/u8:9/435
Workqueue: netns cleanup_net Call Trace: __hlist_del / hlist_del_rcu __xfrm_state_delete xfrm_state_delete xfrm_state_flush xfrm_state_fini ops_exit_list cleanup_net
The other observed signatures hit the same slab object from __xfrm_state_lookup, xfrm_alloc_spi, __xfrm_state_insert and an OOB write variant of __xfrm_state_delete, all on the byseq/byspi hash chains.
__xfrm_state_delete() guards its byseq and byspi unhashes with value-based predicates:
if (x->km.seq)
hlist_del_rcu(&x->byseq);
if (x->id.spi)
hlist_del_rcu(&x->byspi);
while everywhere else in the file (e.g. state_cache, state_cache_input) the safer hlist_unhashed() check is used. xfrm_alloc_spi() sets x->id.spi = newspi inside xfrm_state_lock and then immediately inserts into byspi, but a path that observes x->id.spi != 0 outside of xfrm_state_lock can still skip-or-hit the byspi unhash inconsistently with whether x is actually on the list. The same holds for x->km.seq versus byseq, and the bydst/bysrc unhashes have no predicate at all, so a second __xfrm_state_delete() on the same object writes through LIST_POISON pprev.
The defensive change here:
- Use hlist_del_init_rcu() instead of hlist_del_rcu() on bydst, bysrc, byseq and byspi so a second deletion is a no-op rather than a write through LIST_POISON pprev. The byseq/byspi nodes are already initialised in xfrm_state_alloc().
- Test hlist_unhashed() rather than the value predicate for byseq/byspi, so the unhash decision tracks list state rather than mutable scalar fields.
Empirical verification: applied this patch on top of v6.12.47, rebuilt, and re-ran the same syzkaller harness for 1h16m on a previously-crashy configuration that produced ~100 hits each of slab-use-after-free Read in xfrm_alloc_spi / Read in __xfrm_state_lookup / Write in __xfrm_state_delete. After the patch, 7.1M execs across 32 VMs at ~1550 exec/sec produced zero xfrm_state UAF/OOB hits. /proc/slabinfo confirms the xfrm_state slab is actively allocated and freed during the run (~143 KiB resident), so the fuzzer is still exercising those code paths -- they just no longer crash.
Reproduction:
- Linux 6.12.47 x86_64 + KASAN_GENERIC + KASAN_INLINE + KCOV
- syzkaller @ 746545b8b1e4c3a128db8652b340d3df90ce61db
- 32 QEMU/KVM VMs x 2 vCPU on AWS c5.metal bare metal
- 9 unique signatures collected in ~9h, all within xfrm_state lifecycle
{
"affected": [],
"aliases": [
"CVE-2026-46116"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-763"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: defensively unhash xfrm_state lists in __xfrm_state_delete\n\nKASAN reproduces a slab-use-after-free in __xfrm_state_delete()\u0027s\nhlist_del_rcu calls under syzkaller load on linux-6.12.y stable\n(reproduced on 6.12.47, also reachable via the same code path on\ntorvalds/master and on the ipsec tree). Nine unique signatures cluster\nin the xfrm_state lifecycle, the load-bearing one being:\n\n BUG: KASAN: slab-use-after-free in __hlist_del include/linux/list.h:990 [inline]\n BUG: KASAN: slab-use-after-free in hlist_del_rcu include/linux/rculist.h:516 [inline]\n BUG: KASAN: slab-use-after-free in __xfrm_state_delete net/xfrm/xfrm_state.c\n Write of size 8 at addr ffff8881198bcb70 by task kworker/u8:9/435\n\n Workqueue: netns cleanup_net\n Call Trace:\n __hlist_del / hlist_del_rcu\n __xfrm_state_delete\n xfrm_state_delete\n xfrm_state_flush\n xfrm_state_fini\n ops_exit_list\n cleanup_net\n\nThe other observed signatures hit the same slab object from\n__xfrm_state_lookup, xfrm_alloc_spi, __xfrm_state_insert and an OOB\nwrite variant of __xfrm_state_delete, all on the byseq/byspi\nhash chains.\n\n__xfrm_state_delete() guards its byseq and byspi unhashes with\nvalue-based predicates:\n\n\tif (x-\u003ekm.seq)\n\t\thlist_del_rcu(\u0026x-\u003ebyseq);\n\tif (x-\u003eid.spi)\n\t\thlist_del_rcu(\u0026x-\u003ebyspi);\n\nwhile everywhere else in the file (e.g. state_cache, state_cache_input)\nthe safer hlist_unhashed() check is used. xfrm_alloc_spi() sets\nx-\u003eid.spi = newspi inside xfrm_state_lock and then immediately inserts\ninto byspi, but a path that observes x-\u003eid.spi != 0 outside of\nxfrm_state_lock can still skip-or-hit the byspi unhash inconsistently\nwith whether x is actually on the list. The same holds for x-\u003ekm.seq\nversus byseq, and the bydst/bysrc unhashes have no predicate at all,\nso a second __xfrm_state_delete() on the same object writes through\nLIST_POISON pprev.\n\nThe defensive change here:\n\n - Use hlist_del_init_rcu() instead of hlist_del_rcu() on bydst,\n bysrc, byseq and byspi so a second deletion is a no-op rather\n than a write through LIST_POISON pprev. The byseq/byspi nodes\n are already initialised in xfrm_state_alloc().\n - Test hlist_unhashed() rather than the value predicate for\n byseq/byspi, so the unhash decision tracks list state rather than\n mutable scalar fields.\n\nEmpirical verification: applied this patch on top of v6.12.47, rebuilt,\nand re-ran the same syzkaller harness for 1h16m on a previously-crashy\nconfiguration that produced ~100 hits each of slab-use-after-free\nRead in xfrm_alloc_spi / Read in __xfrm_state_lookup / Write in\n__xfrm_state_delete. After the patch, 7.1M execs across 32 VMs at\n~1550 exec/sec produced zero xfrm_state UAF/OOB hits. /proc/slabinfo\nconfirms the xfrm_state slab is actively allocated and freed during\nthe run (~143 KiB resident), so the fuzzer is still exercising those\ncode paths -- they just no longer crash.\n\nReproduction:\n\n - Linux 6.12.47 x86_64 + KASAN_GENERIC + KASAN_INLINE + KCOV\n - syzkaller @ 746545b8b1e4c3a128db8652b340d3df90ce61db\n - 32 QEMU/KVM VMs x 2 vCPU on AWS c5.metal bare metal\n - 9 unique signatures collected in ~9h, all within xfrm_state\n lifecycle",
"id": "GHSA-96hg-7p79-ggx2",
"modified": "2026-07-15T03:32:35Z",
"published": "2026-05-28T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46116"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39179"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39180"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-46116"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482523"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14acf9652e5690de3c7486c6db5fb8dafd0a32a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26edb0a3c99f9d958c212be68b21f1221614dcf0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c617848ae6e4f07a3e397f604208c293bbecacc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3943fcad7694a7d0b15aeabe7d3cc2a2eb8e92e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4980162de555cb838f1a189ce7d2cbf5d2e7b050"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a2e2d08fb070fab4947447171f1c4e3ca5a188e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4a53add2fa8f1b5aa17d4c5686c320785fab182"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46116.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96QM-PJ77-HP32
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-13831"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:16:57Z",
"severity": "HIGH"
},
"details": "Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-96qm-pj77-hp32",
"modified": "2026-07-01T15:35:01Z",
"published": "2026-07-01T00:34:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13831"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513781328"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96QP-RFJ6-JFPJ
Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31Memory corruption while handling different IOCTL calls from the user-space simultaneously.
{
"affected": [],
"aliases": [
"CVE-2025-47375"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T17:16:24Z",
"severity": "HIGH"
},
"details": "Memory corruption while handling different IOCTL calls from the user-space simultaneously.",
"id": "GHSA-96qp-rfj6-jfpj",
"modified": "2026-03-02T18:31:45Z",
"published": "2026-03-02T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47375"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96RJ-CC48-WQPC
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2023-01-27 21:31setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
{
"affected": [],
"aliases": [
"CVE-2020-12267"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-27T02:15:00Z",
"severity": "HIGH"
},
"details": "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.",
"id": "GHSA-96rj-cc48-wqpc",
"modified": "2023-01-27T21:31:15Z",
"published": "2022-05-24T17:16:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12267"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450"
},
{
"type": "WEB",
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-38"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.