Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9815 vulnerabilities reference this CWE, most recent first.

GHSA-PWJ5-GQJX-3GMW

Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31
VLAI
Details

Microsoft Excel Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T18:15:37Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Excel Remote Code Execution Vulnerability",
  "id": "GHSA-pwj5-gqjx-3gmw",
  "modified": "2025-02-11T18:31:39Z",
  "published": "2025-02-11T18:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21387"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21387"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWMJ-FF87-VJPM

Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2024-11-27 21:32
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17633.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-29T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17633.",
  "id": "GHSA-pwmj-ff87-vjpm",
  "modified": "2024-11-27T21:32:41Z",
  "published": "2023-03-29T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37359"
    },
    {
      "type": "WEB",
      "url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1087"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWMR-WM2X-H5P8

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-15T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240",
  "id": "GHSA-pwmr-wm2x-h5p8",
  "modified": "2022-05-24T17:36:24Z",
  "published": "2022-05-24T17:36:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0474"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2020-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PWPQ-539C-MRGV

Vulnerability from github – Published: 2024-01-11 00:30 – Updated: 2024-01-18 15:30
VLAI
Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-10T22:15:47Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-pwpq-539c-mrgv",
  "modified": "2024-01-18T15:30:35Z",
  "published": "2024-01-11T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32378"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213670"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213675"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213677"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWQ9-P8HH-8P6J

Vulnerability from github – Published: 2024-10-08 06:30 – Updated: 2024-10-08 06:30
VLAI
Details

in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.",
  "id": "GHSA-pwq9-p8hh-8p6j",
  "modified": "2024-10-08T06:30:47Z",
  "published": "2024-10-08T06:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39831"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWRG-H5J6-7F43

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:06
VLAI
Details

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-29T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.",
  "id": "GHSA-pwrg-h5j6-7f43",
  "modified": "2024-04-04T01:06:50Z",
  "published": "2022-05-24T16:49:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13045"
    },
    {
      "type": "WEB",
      "url": "https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955"
    },
    {
      "type": "WEB",
      "url": "https://irssi.org/security/irssi_sa_2019_06.txt"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Jun/41"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4046-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/29/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108998"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWVQ-PX6V-HPC8

Vulnerability from github – Published: 2022-05-14 01:29 – Updated: 2022-05-14 01:29
VLAI
Details

Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-04T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.",
  "id": "GHSA-pwvq-px6v-hpc8",
  "modified": "2022-05-14T01:29:43Z",
  "published": "2022-05-14T01:29:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6085"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1195"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/826626"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201804-22"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4182"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103917"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWWC-8QXC-5W7F

Vulnerability from github – Published: 2024-02-27 21:31 – Updated: 2024-08-01 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: Avoid potential use after free in MHI send

It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb.

As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop its last refcount..

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:07Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Avoid potential use after free in MHI send\n\nIt is possible that the MHI ul_callback will be invoked immediately\nfollowing the queueing of the skb for transmission, leading to the\ncallback decrementing the refcount of the associated sk and freeing the\nskb.\n\nAs such the dereference of skb and the increment of the sk refcount must\nhappen before the skb is queued, to avoid the skb to be used after free\nand potentially the sk to drop its last refcount..",
  "id": "GHSA-pwwc-8qxc-5w7f",
  "modified": "2024-08-01T15:31:28Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46973"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWWJ-WFMW-V2H8

Vulnerability from github – Published: 2022-11-30 00:30 – Updated: 2022-12-02 00:30
VLAI
Details

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-30T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)",
  "id": "GHSA-pwwj-wfmw-v2h8",
  "modified": "2022-12-02T00:30:25Z",
  "published": "2022-11-30T00:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4192"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1344514"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-10"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWWP-3Q7J-9MX8

Vulnerability from github – Published: 2024-09-17 21:30 – Updated: 2024-09-25 18:18
VLAI
Summary
Use After Free in MicroPython
Details

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "micropython-copy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.3.3.post3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "micropython-io"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-8947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-25T18:18:16Z",
    "nvd_published_at": "2024-09-17T19:15:29Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.",
  "id": "GHSA-pwwp-3q7j-9mx8",
  "modified": "2024-09-25T18:18:16Z",
  "published": "2024-09-17T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8947"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micropython/micropython/issues/13283"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micropython/micropython/issues/13283#issuecomment-1918479709"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micropython/micropython/commit/4bed614e707c0644c06e117f848fa12605c711cd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micropython/micropython/releases/tag/v1.23.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/micropython-copy/PYSEC-2024-92.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/micropython-io/PYSEC-2024-94.yaml"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.277765"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.277765"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.409316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Use After Free in MicroPython"
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.