Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9806 vulnerabilities reference this CWE, most recent first.

GHSA-P2W5-XCH3-V6PV

Vulnerability from github – Published: 2023-05-18 00:30 – Updated: 2024-04-04 04:13
VLAI
Details

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-17T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.",
  "id": "GHSA-p2w5-xch3-v6pv",
  "modified": "2024-04-04T04:13:59Z",
  "published": "2023-05-18T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2203"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:2653"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:3108"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2203"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188543"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P2XQ-87XH-464R

Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rapidio: fix an API misues when rio_add_net() fails

rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T16:15:24Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails.  Thus, put_device() should be used rather than kfree().  Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
  "id": "GHSA-p2xq-87xh-464r",
  "modified": "2025-11-03T21:33:24Z",
  "published": "2025-04-01T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21934"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22e4977141dfc6d109bf29b495bf2187b4250990"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2537f01d57f08c527e40bbb5862aa6ff43344898"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88ddad53e4cfb6de861c6d4fb7b25427f46baed5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a5f5e520e8fbc6294020ff8afa36f684d92c6e6a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2ef51c74b0171fde7eb69b6152d3d2f743ef269"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cdd9f58f7fe41a55fae4305ea51fc234769fd466"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4ec862ce80f64db923a1d942b5d11cf6fc87d36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0aa4ee1cbbf7789907e5a3f6810de01c146c211"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P2XR-7HVV-JQ75

Vulnerability from github – Published: 2022-05-14 01:20 – Updated: 2022-05-14 01:20
VLAI
Details

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-24T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.",
  "id": "GHSA-p2xr-7hvv-jq75",
  "modified": "2022-05-14T01:20:22Z",
  "published": "2022-05-14T01:20:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11412"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0525"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199803"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3752-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3752-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3752-3"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44832"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P346-PX87-VF2H

Vulnerability from github – Published: 2024-10-29 03:31 – Updated: 2024-10-30 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()

Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it.

unreferenced object 0xffffff80ca58b700 (size 192):
  comm "kunit_try_catch", pid 1215, jiffies 4294898264
  hex dump (first 32 bytes):
    00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00  ..z.........d...
    00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff  ................
  backtrace (crc 9c09c3fe):
    [<0000000052a0be73>] kmemleak_alloc+0x34/0x40
    [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4
    [<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0
    [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
    [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000c5d82c9a>] kthread+0x2e8/0x374
    [<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0400 (size 64):
  comm "kunit_try_catch", pid 1215, jiffies 4294898265
  hex dump (first 32 bytes):
    80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff  ..........X.....
    39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff  9...............
  backtrace (crc daf014e9):
    [<0000000052a0be73>] kmemleak_alloc+0x34/0x40
    [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528
    [<00000000dfdb1e81>] vcap_api_encode_rule_test+0x224/0x16b0
    [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
    [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000c5d82c9a>] kthread+0x2e8/0x374
    [<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0700 (size 64):
  comm "kunit_try_catch", pid 1215, jiffies 4294898265
  hex dump (first 32 bytes):
    80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff  ........(.X.....
    3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff  <......../......
  backtrace (crc 8d877792):
    [<0000000052a0be73>] kmemleak_alloc+0x34/0x40
    [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<000000006eadfab7>] vcap_rule_add_action+0x2d0/0x52c
    [<00000000323475d1>] vcap_api_encode_rule_test+0x4d4/0x16b0
    [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
    [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000c5d82c9a>] kthread+0x2e8/0x374
    [<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0900 (size 64):
  comm "kunit_try_catch", pid 1215, jiffies 4294898266
  hex dump (first 32 bytes):
    80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff  ................
    7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00  }...............
  backtrace (crc 34181e56):
    [<0000000052a0be73>] kmemleak_alloc+0x34/0x40
    [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528
    [<00000000991e3564>] vcap_val_rule+0xcf0/0x13e8
    [<00000000fc9868e5>] vcap_api_encode_rule_test+0x678/0x16b0
    [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac
    [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec
    [<00000000c5d82c9a>] kthread+0x2e8/0x374
    [<00000000f4287308>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80cc0b0980 (size 64):
  comm "kunit_try_catch", pid 1215, jiffies 4294898266
  hex dump (first 32 bytes):
    18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff  ..X.............
    67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff  g.........t.....
  backtrace (crc 275fd9be):
    [<0000000052a0be73>] kmemleak_alloc+0x34/0x40
    [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4
    [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528
    [<000000001396a1a2>] test_add_de

---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T01:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()\n\nCommit a3c1e45156ad (\"net: microchip: vcap: Fix use-after-free error in\nkunit test\") fixed the use-after-free error, but introduced below\nmemory leaks by removing necessary vcap_free_rule(), add it to fix it.\n\n\tunreferenced object 0xffffff80ca58b700 (size 192):\n\t  comm \"kunit_try_catch\", pid 1215, jiffies 4294898264\n\t  hex dump (first 32 bytes):\n\t    00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00  ..z.........d...\n\t    00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff  ................\n\t  backtrace (crc 9c09c3fe):\n\t    [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c0000000040a01b8d\u003e] vcap_alloc_rule+0x3cc/0x9c4\n\t    [\u003c000000003fe86110\u003e] vcap_api_encode_rule_test+0x1ac/0x16b0\n\t    [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t    [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0400 (size 64):\n\t  comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t  hex dump (first 32 bytes):\n\t    80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff  ..........X.....\n\t    39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff  9...............\n\t  backtrace (crc daf014e9):\n\t    [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t    [\u003c00000000dfdb1e81\u003e] vcap_api_encode_rule_test+0x224/0x16b0\n\t    [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t    [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0700 (size 64):\n\t  comm \"kunit_try_catch\", pid 1215, jiffies 4294898265\n\t  hex dump (first 32 bytes):\n\t    80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff  ........(.X.....\n\t    3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff  \u003c......../......\n\t  backtrace (crc 8d877792):\n\t    [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c000000006eadfab7\u003e] vcap_rule_add_action+0x2d0/0x52c\n\t    [\u003c00000000323475d1\u003e] vcap_api_encode_rule_test+0x4d4/0x16b0\n\t    [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t    [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0900 (size 64):\n\t  comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t  hex dump (first 32 bytes):\n\t    80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff  ................\n\t    7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00  }...............\n\t  backtrace (crc 34181e56):\n\t    [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t    [\u003c00000000991e3564\u003e] vcap_val_rule+0xcf0/0x13e8\n\t    [\u003c00000000fc9868e5\u003e] vcap_api_encode_rule_test+0x678/0x16b0\n\t    [\u003c00000000b3595fc4\u003e] kunit_try_run_case+0x13c/0x3ac\n\t    [\u003c0000000010f5d2bf\u003e] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t    [\u003c00000000c5d82c9a\u003e] kthread+0x2e8/0x374\n\t    [\u003c00000000f4287308\u003e] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cc0b0980 (size 64):\n\t  comm \"kunit_try_catch\", pid 1215, jiffies 4294898266\n\t  hex dump (first 32 bytes):\n\t    18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff  ..X.............\n\t    67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff  g.........t.....\n\t  backtrace (crc 275fd9be):\n\t    [\u003c0000000052a0be73\u003e] kmemleak_alloc+0x34/0x40\n\t    [\u003c0000000043605459\u003e] __kmalloc_cache_noprof+0x26c/0x2f4\n\t    [\u003c000000000ff63fd4\u003e] vcap_rule_add_key+0x2cc/0x528\n\t    [\u003c000000001396a1a2\u003e] test_add_de\n---truncated---",
  "id": "GHSA-p346-px87-vf2h",
  "modified": "2024-10-30T15:30:46Z",
  "published": "2024-10-29T03:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50084"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/170792097bb21e5da77443b6a03d35489813eabe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20b5342de51bda794791e013b90754774003a515"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/217a3d98d1e9891a8b1438a27dfbc64ddf01f691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P35Q-VVHX-5RQ6

Vulnerability from github – Published: 2024-11-20 00:32 – Updated: 2024-11-20 18:32
VLAI
Details

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T22:15:19Z",
    "severity": "HIGH"
  },
  "details": "In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.  https://source.android.com/security/bulletin/2018-07-01",
  "id": "GHSA-p35q-vvhx-5rq6",
  "modified": "2024-11-20T18:32:16Z",
  "published": "2024-11-20T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9428"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P36V-2C7W-2X8F

Vulnerability from github – Published: 2023-05-12 18:30 – Updated: 2024-04-04 04:04
VLAI
Details

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-12T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)",
  "id": "GHSA-p36v-2c7w-2x8f",
  "modified": "2024-04-04T04:04:24Z",
  "published": "2023-05-12T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2458"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1430692"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P379-73VV-4H7J

Vulnerability from github – Published: 2026-06-12 00:31 – Updated: 2026-06-12 03:31
VLAI
Details

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-11T22:16:53Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)",
  "id": "GHSA-p379-73vv-4h7j",
  "modified": "2026-06-12T03:31:28Z",
  "published": "2026-06-12T00:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12014"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/514742747"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P384-CV6J-HXG8

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-19T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
  "id": "GHSA-p384-cv6j-hxg8",
  "modified": "2022-05-13T01:06:29Z",
  "published": "2022-05-13T01:06:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5759"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0309"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/912211"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4395"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P38J-QVHV-9439

Vulnerability from github – Published: 2023-09-11 15:31 – Updated: 2024-04-04 07:35
VLAI
Details

Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-11T14:15:07Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-p38j-qvhv-9439",
  "modified": "2024-04-04T07:35:07Z",
  "published": "2023-09-11T15:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16471"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P3C6-HV53-XJ57

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI
Details

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17462"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-14T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.",
  "id": "GHSA-p3c6-hv53-xj57",
  "modified": "2022-05-13T01:19:26Z",
  "published": "2022-05-13T01:19:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17462"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3004"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/888926"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-10"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4330"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105666"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.