CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-96W5-8HMQ-XX4V
Vulnerability from github – Published: 2024-02-16 00:30 – Updated: 2024-08-01 15:31In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-40115"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-15T23:15:08Z",
"severity": "CRITICAL"
},
"details": "In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-96w5-8hmq-xx4v",
"modified": "2024-08-01T15:31:26Z",
"published": "2024-02-16T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40115"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e4cd2d8f75d1b7b83a759d752f38099a9aa9997e"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-11-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-973X-RQ3W-69HV
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-06 06:30Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11131"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:19Z",
"severity": "CRITICAL"
},
"details": "Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-973x-rq3w-69hv",
"modified": "2026-06-06T06:30:28Z",
"published": "2026-06-05T00:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11131"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/501561644"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-975Q-8V3H-8J23
Vulnerability from github – Published: 2022-07-20 00:00 – Updated: 2026-05-27 15:32Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2022-21540"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-19T22:15:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"id": "GHSA-975q-8v3h-8j23",
"modified": "2026-05-27T15:32:53Z",
"published": "2022-07-20T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21540"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220729-0009"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-975V-WJ6R-FGJ8
Vulnerability from github – Published: 2024-04-05 21:32 – Updated: 2024-04-26 09:30GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
{
"affected": [],
"aliases": [
"CVE-2024-2312"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-05T20:15:09Z",
"severity": "MODERATE"
},
"details": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu\u0027s peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.",
"id": "GHSA-975v-wj6r-fgj8",
"modified": "2024-04-26T09:30:33Z",
"published": "2024-04-05T21:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2312"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240426-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-976P-WP36-P43W
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2022-05-14 03:10A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60.
{
"affected": [],
"aliases": [
"CVE-2018-5180"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox \u003c 60.",
"id": "GHSA-976p-wp36-p43w",
"modified": "2022-05-14T03:10:31Z",
"published": "2022-05-14T03:10:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5180"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1444086"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3645-1"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-11"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104139"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9787-F568-7RR2
Vulnerability from github – Published: 2023-06-28 21:30 – Updated: 2025-02-13 18:31A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.
Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.
We recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.
{
"affected": [],
"aliases": [
"CVE-2023-3389"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-28T20:15:09Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and\u00a00e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.",
"id": "GHSA-9787-f568-7rr2",
"modified": "2025-02-13T18:31:40Z",
"published": "2023-06-28T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=4716c73b188566865bdd79c3a6709696a224ac04"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y\u0026id=0e388fce7aec40992eadee654193cad345d62663"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59"
},
{
"type": "WEB",
"url": "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663"
},
{
"type": "WEB",
"url": "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04"
},
{
"type": "WEB",
"url": "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230731-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-979M-XJJJ-H2PW
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-33098"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:31Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-979m-xjjj-h2pw",
"modified": "2026-04-14T18:30:42Z",
"published": "2026-04-14T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33098"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-979X-P54W-XV3W
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7069.
{
"affected": [],
"aliases": [
"CVE-2018-17688"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7069.",
"id": "GHSA-979x-p54w-xv3w",
"modified": "2022-05-13T01:33:51Z",
"published": "2022-05-13T01:33:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17688"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97F5-6J52-RP35
Vulnerability from github – Published: 2025-02-27 18:31 – Updated: 2025-02-27 18:31In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race on unaccepted mptcp sockets
When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets.
The mptcp socket's worker can run in the time interval between such delete operations. When that happens, any access to msk->first will cause an UaF access, as the subflow cleanup did not cleared such field in the mptcp socket.
Address the issue explicitly traversing the listener socket accept queue at close time and performing the needed cleanup on the pending msk.
Note that the locking is a bit tricky, as we need to acquire the msk socket lock, while still owning the subflow socket one.
{
"affected": [],
"aliases": [
"CVE-2022-49669"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:41Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race on unaccepted mptcp sockets\n\nWhen the listener socket owning the relevant request is closed,\nit frees the unaccepted subflows and that causes later deletion\nof the paired MPTCP sockets.\n\nThe mptcp socket\u0027s worker can run in the time interval between such delete\noperations. When that happens, any access to msk-\u003efirst will cause an UaF\naccess, as the subflow cleanup did not cleared such field in the mptcp\nsocket.\n\nAddress the issue explicitly traversing the listener socket accept\nqueue at close time and performing the needed cleanup on the pending\nmsk.\n\nNote that the locking is a bit tricky, as we need to acquire the msk\nsocket lock, while still owning the subflow socket one.",
"id": "GHSA-97f5-6j52-rp35",
"modified": "2025-02-27T18:31:09Z",
"published": "2025-02-27T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49669"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6aeed9045071f2252ff4e98fc13d1e304f33e5b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8a3e95c74e48c2c9b07b81fafda9122993f2e12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97FH-3X83-FVH6
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
{
"affected": [],
"aliases": [
"CVE-2024-27395"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:12:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"id": "GHSA-97fh-3x83-fvh6",
"modified": "2026-05-12T12:31:45Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27395"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.