CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-PCG9-J72P-9GJP
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2025-04-20 03:32The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2016-8674"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T21:59:00Z",
"severity": "MODERATE"
},
"details": "The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.",
"id": "GHSA-pcg9-j72p-9gjp",
"modified": "2025-04-20T03:32:57Z",
"published": "2022-05-17T00:27:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8674"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697015"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697019"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385685"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3797"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/8"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93127"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCHH-RHX4-655J
Vulnerability from github – Published: 2022-12-14 21:30 – Updated: 2025-04-14 21:32A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
{
"affected": [],
"aliases": [
"CVE-2022-4283"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-14T21:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"id": "GHSA-pchh-rhx4-655j",
"modified": "2025-04-14T21:32:16Z",
"published": "2022-12-14T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4283"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5304"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCMG-P58J-HF4W
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-08 18:30A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..
{
"affected": [],
"aliases": [
"CVE-2023-23514"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..",
"id": "GHSA-pcmg-p58j-hf4w",
"modified": "2023-03-08T18:30:26Z",
"published": "2023-02-27T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23514"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213633"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213635"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213675"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213677"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213675"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213677"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Mar/17"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Mar/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Mar/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCMP-JHFR-G2WR
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255
{
"affected": [],
"aliases": [
"CVE-2020-0233"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-11T15:15:00Z",
"severity": "HIGH"
},
"details": "In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255",
"id": "GHSA-pcmp-jhfr-g2wr",
"modified": "2022-05-24T17:20:19Z",
"published": "2022-05-24T17:20:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0233"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2020-06-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PCPR-HXM8-3MJ4
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-10-19 19:00Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
{
"affected": [],
"aliases": [
"CVE-2020-15436"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-23T21:15:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"id": "GHSA-pcpr-hxm8-3mj4",
"modified": "2022-10-19T19:00:24Z",
"published": "2022-05-24T17:34:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15436"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2020/6/7/379"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201218-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCQF-PM3V-QGW4
Vulnerability from github – Published: 2022-01-14 00:01 – Updated: 2022-01-15 00:02This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837.
{
"affected": [],
"aliases": [
"CVE-2021-34884"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T22:15:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837.",
"id": "GHSA-pcqf-pm3v-qgw4",
"modified": "2022-01-15T00:02:35Z",
"published": "2022-01-14T00:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34884"
},
{
"type": "WEB",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1473"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PCR5-V468-562J
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: fix potential use-after-free in ec_bhf_remove
static void ec_bhf_remove(struct pci_dev dev) { ... struct ec_bhf_priv priv = netdev_priv(net_dev);
unregister_netdev(net_dev);
free_netdev(net_dev);
pci_iounmap(dev, priv->dma_io);
pci_iounmap(dev, priv->io);
... }
priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pci_iounmap() calls.
{
"affected": [],
"aliases": [
"CVE-2021-47235"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:12Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv-\u003edma_io);\n\tpci_iounmap(dev, priv-\u003eio);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls.",
"id": "GHSA-pcr5-v468-562j",
"modified": "2024-12-30T21:30:45Z",
"published": "2024-05-21T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47235"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCRM-WG3J-58J3
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-21109"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-08T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"id": "GHSA-pcrm-wg3j-58j3",
"modified": "2022-05-24T17:38:25Z",
"published": "2022-05-24T17:38:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21109"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1152334"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-05"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4832"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PCV9-72Q8-27VC
Vulnerability from github – Published: 2023-08-07 15:30 – Updated: 2024-09-16 14:37A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2023-4147"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-07T14:15:11Z",
"severity": "HIGH"
},
"details": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.",
"id": "GHSA-pcv9-72q8-27vc",
"modified": "2024-09-16T14:37:21Z",
"published": "2023-08-07T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4147"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:5069"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:5091"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:5093"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7382"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7389"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7411"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4147"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231020-0006"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"type": "WEB",
"url": "https://www.spinics.net/lists/stable/msg671573.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PF26-75R6-GMXV
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.
{
"affected": [],
"aliases": [
"CVE-2026-50500"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:56Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.",
"id": "GHSA-pf26-75r6-gmxv",
"modified": "2026-07-14T18:32:28Z",
"published": "2026-07-14T18:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50500"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50500"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.