Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-PCG9-J72P-9GJP

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2025-04-20 03:32
VLAI
Details

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-15T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.",
  "id": "GHSA-pcg9-j72p-9gjp",
  "modified": "2025-04-20T03:32:57Z",
  "published": "2022-05-17T00:27:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8674"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697015"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697019"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385685"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3797"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/16/8"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93127"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCHH-RHX4-655J

Vulnerability from github – Published: 2022-12-14 21:30 – Updated: 2025-04-14 21:32
VLAI
Details

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
  "id": "GHSA-pchh-rhx4-655j",
  "modified": "2025-04-14T21:32:16Z",
  "published": "2022-12-14T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4283"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0045"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0046"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-4283"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-30"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5304"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCMG-P58J-HF4W

Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-08 18:30
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges..",
  "id": "GHSA-pcmg-p58j-hf4w",
  "modified": "2023-03-08T18:30:26Z",
  "published": "2023-02-27T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23514"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213633"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213635"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213670"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213675"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213677"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213670"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213675"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213677"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCMP-JHFR-G2WR

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
VLAI
Details

In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255",
  "id": "GHSA-pcmp-jhfr-g2wr",
  "modified": "2022-05-24T17:20:19Z",
  "published": "2022-05-24T17:20:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0233"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2020-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PCPR-HXM8-3MJ4

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-10-19 19:00
VLAI
Details

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-23T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
  "id": "GHSA-pcpr-hxm8-3mj4",
  "modified": "2022-10-19T19:00:24Z",
  "published": "2022-05-24T17:34:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15436"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2020/6/7/379"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201218-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCQF-PM3V-QGW4

Vulnerability from github – Published: 2022-01-14 00:01 – Updated: 2022-01-15 00:02
VLAI
Details

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837.",
  "id": "GHSA-pcqf-pm3v-qgw4",
  "modified": "2022-01-15T00:02:35Z",
  "published": "2022-01-14T00:01:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34884"
    },
    {
      "type": "WEB",
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PCR5-V468-562J

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: fix potential use-after-free in ec_bhf_remove

static void ec_bhf_remove(struct pci_dev dev) { ... struct ec_bhf_priv priv = netdev_priv(net_dev);

unregister_netdev(net_dev);
free_netdev(net_dev);

pci_iounmap(dev, priv->dma_io);
pci_iounmap(dev, priv->io);

... }

priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pci_iounmap() calls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:12Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv-\u003edma_io);\n\tpci_iounmap(dev, priv-\u003eio);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls.",
  "id": "GHSA-pcr5-v468-562j",
  "modified": "2024-12-30T21:30:45Z",
  "published": "2024-05-21T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0260916843cc74f3906acf8b6f256693e01530a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19f88ca68ccf8771276a606765239b167654f84a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1cafc540b7bf1b6a5a77dc000205fe337ef6eba6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95deeb29d831e2fae608439e243e7a520611e7ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cca0c2d70149160407bda9a9446ce0c29b6e6c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1ad283755095a4b9d1431aeb357d7df1a33d3bb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d11d79e52ba080ee567cb7d7eb42a5ade60a8130"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db2bc3cfd2bc01621014d4f17cdfc74611f339c8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCRM-WG3J-58J3

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-08T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
  "id": "GHSA-pcrm-wg3j-58j3",
  "modified": "2022-05-24T17:38:25Z",
  "published": "2022-05-24T17:38:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21109"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1152334"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-05"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4832"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PCV9-72Q8-27VC

Vulnerability from github – Published: 2023-08-07 15:30 – Updated: 2024-09-16 14:37
VLAI
Details

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-07T14:15:11Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.",
  "id": "GHSA-pcv9-72q8-27vc",
  "modified": "2024-09-16T14:37:21Z",
  "published": "2023-08-07T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4147"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:5069"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:5091"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:5093"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7382"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7389"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7411"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4147"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231020-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5480"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5492"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/stable/msg671573.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF26-75R6-GMXV

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:56Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Netlogon allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-pf26-75r6-gmxv",
  "modified": "2026-07-14T18:32:28Z",
  "published": "2026-07-14T18:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50500"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50500"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.