CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9813 vulnerabilities reference this CWE, most recent first.
GHSA-PQ3Q-H37W-5953
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-40728"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-15T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-pq3q-h37w-5953",
"modified": "2022-05-24T19:17:41Z",
"published": "2022-05-24T19:17:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40728"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-104.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PQ4C-FM9X-V9HJ
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
drm/xe/dma-buf: handle empty bo and UAF races
There look to be some nasty races here when triggering the invalidate_mappings hook:
1) We do xe_bo_alloc() followed by the attach, before the actual full bo init step in xe_dma_buf_init_obj(). However the bo is visible on the attachments list after the attach. This is bad since exporter driver, say amdgpu, can at any time call back into our invalidate_mappings hook, with an empty/bogus bo, leading to potential bugs/crashes.
2) Similar to 1) but here we get a UAF, when the invalidate_mappings hook is triggered. For example, we get as far as xe_bo_init_locked() but this fails in some way. But here the bo will be freed on error, but we still have it attached from dma-buf pov, so if the invalidate_mappings is now triggered then the bo we access is gone and we trigger UAF and more bugs/crashes.
To fix this, move the attach step until after we actually have a fully set up buffer object. Note that the bo is not published to userspace until later, so not sure what the comment "Don't publish the bo until we have a valid attachment", is referring to.
We have at least two different customers reporting hitting a NULL ptr deref in evict_flags when importing something from amdgpu, followed by triggering the evict flow. Hit rate is also pretty low, which would hint at some kind of race, so something like 1) or 2) might explain this.
v2: - Shuffle the order of the ops slightly (no functional change) - Improve the comment to better explain the ordering (Matt B)
(cherry picked from commit af1f2ad0c59fe4e2f924c526f66e968289d77971)
{
"affected": [],
"aliases": [
"CVE-2026-52951"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/dma-buf: handle empty bo and UAF races\n\nThere look to be some nasty races here when triggering the\ninvalidate_mappings hook:\n\n1) We do xe_bo_alloc() followed by the attach, before the actual full bo\n init step in xe_dma_buf_init_obj(). However the bo is visible on the\n attachments list after the attach. This is bad since exporter driver,\n say amdgpu, can at any time call back into our invalidate_mappings hook,\n with an empty/bogus bo, leading to potential bugs/crashes.\n\n2) Similar to 1) but here we get a UAF, when the invalidate_mappings\n hook is triggered. For example, we get as far as xe_bo_init_locked()\n but this fails in some way. But here the bo will be freed on error, but\n we still have it attached from dma-buf pov, so if the\n invalidate_mappings is now triggered then the bo we access is gone and\n we trigger UAF and more bugs/crashes.\n\nTo fix this, move the attach step until after we actually have a fully\nset up buffer object. Note that the bo is not published to userspace\nuntil later, so not sure what the comment \"Don\u0027t publish the bo\nuntil we have a valid attachment\", is referring to.\n\nWe have at least two different customers reporting hitting a NULL ptr\nderef in evict_flags when importing something from amdgpu, followed by\ntriggering the evict flow. Hit rate is also pretty low, which would\nhint at some kind of race, so something like 1) or 2) might explain\nthis.\n\nv2:\n - Shuffle the order of the ops slightly (no functional change)\n - Improve the comment to better explain the ordering (Matt B)\n\n(cherry picked from commit af1f2ad0c59fe4e2f924c526f66e968289d77971)",
"id": "GHSA-pq4c-fm9x-v9hj",
"modified": "2026-06-30T03:37:11Z",
"published": "2026-06-24T18:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52951"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-52951"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492353"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20a99ea1e2fd720856d6ba497ff26b82c604751f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/981bedbbe61364fcc3a3b87ebaf648a66cd07108"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9894731e513019df22a29e5c52f1c98890355ff1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c473ae25421fddc3dde247ba7b85225b10641d09"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52951.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ5J-CMM3-64MG
Vulnerability from github – Published: 2024-05-07 09:30 – Updated: 2024-05-07 09:30in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.
{
"affected": [],
"aliases": [
"CVE-2024-27217"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T07:15:48Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.",
"id": "GHSA-pq5j-cmm3-64mg",
"modified": "2024-05-07T09:30:32Z",
"published": "2024-05-07T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27217"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PQ6R-WVVH-JM62
Vulnerability from github – Published: 2022-05-17 03:48 – Updated: 2025-04-12 13:03epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
{
"affected": [],
"aliases": [
"CVE-2016-7180"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-09T10:59:00Z",
"severity": "MODERATE"
},
"details": "epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.",
"id": "GHSA-pq6r-wvvh-jm62",
"modified": "2025-04-12T13:03:55Z",
"published": "2022-05-17T03:48:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7180"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12782"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/17289"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5213496250aceff086404c568e3718ebc0060934"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2016-55.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3671"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036760"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ8C-7829-94J2
Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2022-02-20 00:00Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-0300"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-12T02:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-pq8c-7829-94j2",
"modified": "2022-02-20T00:00:47Z",
"published": "2022-02-15T00:02:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0300"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1275438"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PQ8X-83CH-9HRX
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854
{
"affected": [],
"aliases": [
"CVE-2020-0212"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-11T15:15:00Z",
"severity": "MODERATE"
},
"details": "In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854",
"id": "GHSA-pq8x-83ch-9hrx",
"modified": "2022-05-24T17:20:18Z",
"published": "2022-05-24T17:20:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0212"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2020-06-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PQC2-G93J-9599
Vulnerability from github – Published: 2023-06-07 21:30 – Updated: 2023-12-08 18:30CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
{
"affected": [],
"aliases": [
"CVE-2023-33595"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-07T20:15:09Z",
"severity": "MODERATE"
},
"details": "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.",
"id": "GHSA-pqc2-g93j-9599",
"modified": "2023-12-08T18:30:37Z",
"published": "2023-06-07T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33595"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/103824"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/103993/commits/c120bc2d354ca3d27d0c7a53bf65574ddaabaf3a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQG4-X7W2-6F65
Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()
ctnetlink_dump_exp_ct() stores a conntrack pointer in cb->data for the netlink dump callback ctnetlink_exp_ct_dump_table(), but drops the conntrack reference immediately after netlink_dump_start(). When the dump spans multiple rounds, the second recvmsg() triggers the dump callback which dereferences the now-freed conntrack via nfct_help(ct), leading to a use-after-free on ct->ext.
The bug is that the netlink_dump_control has no .start or .done callbacks to manage the conntrack reference across dump rounds. Other dump functions in the same file (e.g. ctnetlink_get_conntrack) properly use .start/.done callbacks for this purpose.
Fix this by adding .start and .done callbacks that hold and release the conntrack reference for the duration of the dump, and move the nfct_help() call after the cb->args[0] early-return check in the dump callback to avoid dereferencing ct->ext unnecessarily.
BUG: KASAN: slab-use-after-free in ctnetlink_exp_ct_dump_table+0x4f/0x2e0 Read of size 8 at addr ffff88810597ebf0 by task ctnetlink_poc/133
CPU: 1 UID: 0 PID: 133 Comm: ctnetlink_poc Not tainted 7.0.0-rc2+ #3 PREEMPTLAZY Call Trace: ctnetlink_exp_ct_dump_table+0x4f/0x2e0 netlink_dump+0x333/0x880 netlink_recvmsg+0x3e2/0x4b0 ? aa_sk_perm+0x184/0x450 sock_recvmsg+0xde/0xf0
Allocated by task 133: kmem_cache_alloc_noprof+0x134/0x440 __nf_conntrack_alloc+0xa8/0x2b0 ctnetlink_create_conntrack+0xa1/0x900 ctnetlink_new_conntrack+0x3cf/0x7d0 nfnetlink_rcv_msg+0x48e/0x510 netlink_rcv_skb+0xc9/0x1f0 nfnetlink_rcv+0xdb/0x220 netlink_unicast+0x3ec/0x590 netlink_sendmsg+0x397/0x690 __sys_sendmsg+0xf4/0x180
Freed by task 0: slab_free_after_rcu_debug+0xad/0x1e0 rcu_core+0x5c3/0x9c0
{
"affected": [],
"aliases": [
"CVE-2026-23458"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T16:16:32Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()\n\nctnetlink_dump_exp_ct() stores a conntrack pointer in cb-\u003edata for the\nnetlink dump callback ctnetlink_exp_ct_dump_table(), but drops the\nconntrack reference immediately after netlink_dump_start(). When the\ndump spans multiple rounds, the second recvmsg() triggers the dump\ncallback which dereferences the now-freed conntrack via nfct_help(ct),\nleading to a use-after-free on ct-\u003eext.\n\nThe bug is that the netlink_dump_control has no .start or .done\ncallbacks to manage the conntrack reference across dump rounds. Other\ndump functions in the same file (e.g. ctnetlink_get_conntrack) properly\nuse .start/.done callbacks for this purpose.\n\nFix this by adding .start and .done callbacks that hold and release the\nconntrack reference for the duration of the dump, and move the\nnfct_help() call after the cb-\u003eargs[0] early-return check in the dump\ncallback to avoid dereferencing ct-\u003eext unnecessarily.\n\n BUG: KASAN: slab-use-after-free in ctnetlink_exp_ct_dump_table+0x4f/0x2e0\n Read of size 8 at addr ffff88810597ebf0 by task ctnetlink_poc/133\n\n CPU: 1 UID: 0 PID: 133 Comm: ctnetlink_poc Not tainted 7.0.0-rc2+ #3 PREEMPTLAZY\n Call Trace:\n \u003cTASK\u003e\n ctnetlink_exp_ct_dump_table+0x4f/0x2e0\n netlink_dump+0x333/0x880\n netlink_recvmsg+0x3e2/0x4b0\n ? aa_sk_perm+0x184/0x450\n sock_recvmsg+0xde/0xf0\n\n Allocated by task 133:\n kmem_cache_alloc_noprof+0x134/0x440\n __nf_conntrack_alloc+0xa8/0x2b0\n ctnetlink_create_conntrack+0xa1/0x900\n ctnetlink_new_conntrack+0x3cf/0x7d0\n nfnetlink_rcv_msg+0x48e/0x510\n netlink_rcv_skb+0xc9/0x1f0\n nfnetlink_rcv+0xdb/0x220\n netlink_unicast+0x3ec/0x590\n netlink_sendmsg+0x397/0x690\n __sys_sendmsg+0xf4/0x180\n\n Freed by task 0:\n slab_free_after_rcu_debug+0xad/0x1e0\n rcu_core+0x5c3/0x9c0",
"id": "GHSA-pqg4-x7w2-6f65",
"modified": "2026-07-14T15:31:47Z",
"published": "2026-04-03T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23458"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04c8907ce4e3d3e26c5e1a3e47aa5d17082cbb56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5cb81eeda909dbb2def209dd10636b51549a3f8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9821b47f669eb82791fa0b1a6ebaf9aa219bea72"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdf2724eefd4455a66863abb025bab8d3aa98c57"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd541f15b60e2257441398cf495d978f816d09f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8cd0efbccc5cfb0a80da744a7da76e1333ab925"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f025171feef2ac65663d7986f1d5ff0c28d6b2a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f04cc86d59906513d2d62183b882966fc0ae0390"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQGC-JQ8X-49XV
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-07-23 00:00A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2022-1786"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "A use-after-free flaw was found in the Linux kernel\u2019s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.",
"id": "GHSA-pqgc-jq8x-49xv",
"modified": "2022-07-23T00:00:17Z",
"published": "2022-06-03T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1786"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087760"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220722-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQJJ-QJGJ-F2X9
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-06 15:30This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the delay method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17327.
{
"affected": [],
"aliases": [
"CVE-2022-37384"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the delay method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17327.",
"id": "GHSA-pqjj-qjgj-f2x9",
"modified": "2023-04-06T15:30:17Z",
"published": "2023-03-29T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37384"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1056"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.