CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9806 vulnerabilities reference this CWE, most recent first.
GHSA-MW8Q-CF75-7F35
Vulnerability from github – Published: 2022-05-14 01:07 – Updated: 2022-05-14 01:07drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
{
"affected": [],
"aliases": [
"CVE-2018-14734"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-29T23:29:00Z",
"severity": "HIGH"
},
"details": "drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).",
"id": "GHSA-mw8q-cf75-7f35",
"modified": "2022-05-14T01:07:16Z",
"published": "2022-05-14T01:07:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14734"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0831"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3797-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3797-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3847-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3847-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3847-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3849-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3849-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW97-4R24-9GGW
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6378"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-11T15:15:00Z",
"severity": "MODERATE"
},
"details": "Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-mw97-4r24-9ggw",
"modified": "2022-05-24T17:08:37Z",
"published": "2022-05-24T17:08:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6378"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1018677"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-08"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MW97-4XHW-R6F2
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-04-03 18:30Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22639.
{
"affected": [],
"aliases": [
"CVE-2024-30333"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:57Z",
"severity": "HIGH"
},
"details": "Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22639.",
"id": "GHSA-mw97-4xhw-r6f2",
"modified": "2024-04-03T18:30:44Z",
"published": "2024-04-03T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30333"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-307"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW9F-CFV6-V3RG
Vulnerability from github – Published: 2025-04-02 03:31 – Updated: 2025-04-02 15:31Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-3066"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T01:15:37Z",
"severity": "HIGH"
},
"details": "Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-mw9f-cfv6-v3rg",
"modified": "2025-04-02T15:31:31Z",
"published": "2025-04-02T03:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3066"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/405140652"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW9Q-GFJJ-7MHX
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-40415"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:19Z",
"severity": "HIGH"
},
"details": "Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-mw9q-gfjj-7mhx",
"modified": "2026-05-12T18:30:45Z",
"published": "2026-05-12T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40415"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40415"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWC4-GJWC-WWQ7
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22135.
{
"affected": [],
"aliases": [
"CVE-2023-42108"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:48Z",
"severity": "HIGH"
},
"details": "PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22135.",
"id": "GHSA-mwc4-gjwc-wwq7",
"modified": "2024-05-03T03:31:02Z",
"published": "2024-05-03T03:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42108"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1483"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWHP-8FFR-HVVG
Vulnerability from github – Published: 2023-11-03 21:30 – Updated: 2026-05-12 12:31The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
{
"affected": [],
"aliases": [
"CVE-2023-47233"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-03T21:15:17Z",
"severity": "MODERATE"
},
"details": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
"id": "GHSA-mwhp-8ffr-hvvg",
"modified": "2026-05-12T12:31:33Z",
"published": "2023-11-03T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47233"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com"
},
{
"type": "WEB",
"url": "https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWHR-F52P-4877
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794
{
"affected": [],
"aliases": [
"CVE-2022-20306"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "MODERATE"
},
"details": "In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794",
"id": "GHSA-mwhr-f52p-4877",
"modified": "2022-08-16T00:00:23Z",
"published": "2022-08-13T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20306"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWHV-QC2J-6V6W
Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-11652"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T00:16:48Z",
"severity": "HIGH"
},
"details": "Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-mwhv-qc2j-6v6w",
"modified": "2026-06-09T03:31:39Z",
"published": "2026-06-09T00:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11652"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513156160"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWJC-97RR-5V3C
Vulnerability from github – Published: 2022-05-14 02:22 – Updated: 2025-04-12 13:02Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
{
"affected": [],
"aliases": [
"CVE-2016-4228"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-13T02:00:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",
"id": "GHSA-mwjc-97rr-5v3c",
"modified": "2025-04-12T13:02:14Z",
"published": "2022-05-14T02:22:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4228"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1423"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201607-03"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40309"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91719"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036280"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.