CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9815 vulnerabilities reference this CWE, most recent first.
GHSA-PWJ5-GQJX-3GMW
Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31Microsoft Excel Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21387"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T18:15:37Z",
"severity": "HIGH"
},
"details": "Microsoft Excel Remote Code Execution Vulnerability",
"id": "GHSA-pwj5-gqjx-3gmw",
"modified": "2025-02-11T18:31:39Z",
"published": "2025-02-11T18:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21387"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21387"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWMJ-FF87-VJPM
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2024-11-27 21:32This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17633.
{
"affected": [],
"aliases": [
"CVE-2022-37359"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17633.",
"id": "GHSA-pwmj-ff87-vjpm",
"modified": "2024-11-27T21:32:41Z",
"published": "2023-03-29T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37359"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1087"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWMR-WM2X-H5P8
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240
{
"affected": [],
"aliases": [
"CVE-2020-0474"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T16:15:00Z",
"severity": "HIGH"
},
"details": "In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240",
"id": "GHSA-pwmr-wm2x-h5p8",
"modified": "2022-05-24T17:36:24Z",
"published": "2022-05-24T17:36:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0474"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2020-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PWPQ-539C-MRGV
Vulnerability from github – Published: 2024-01-11 00:30 – Updated: 2024-01-18 15:30A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2023-32378"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T22:15:47Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-pwpq-539c-mrgv",
"modified": "2024-01-18T15:30:35Z",
"published": "2024-01-11T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32378"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213675"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213677"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWQ9-P8HH-8P6J
Vulnerability from github – Published: 2024-10-08 06:30 – Updated: 2024-10-08 06:30in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.
{
"affected": [],
"aliases": [
"CVE-2024-39831"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T04:15:07Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.",
"id": "GHSA-pwq9-p8hh-8p6j",
"modified": "2024-10-08T06:30:47Z",
"published": "2024-10-08T06:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39831"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PWRG-H5J6-7F43
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:06Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
{
"affected": [],
"aliases": [
"CVE-2019-13045"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-29T14:15:00Z",
"severity": "HIGH"
},
"details": "Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.",
"id": "GHSA-pwrg-h5j6-7f43",
"modified": "2024-04-04T01:06:50Z",
"published": "2022-05-24T16:49:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13045"
},
{
"type": "WEB",
"url": "https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955"
},
{
"type": "WEB",
"url": "https://irssi.org/security/irssi_sa_2019_06.txt"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/41"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4046-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00030.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153480/Slackware-Security-Advisory-irssi-Updates.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/06/29/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108998"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWVQ-PX6V-HPC8
Vulnerability from github – Published: 2022-05-14 01:29 – Updated: 2022-05-14 01:29Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2018-6085"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-04T17:29:00Z",
"severity": "HIGH"
},
"details": "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.",
"id": "GHSA-pwvq-px6v-hpc8",
"modified": "2022-05-14T01:29:43Z",
"published": "2022-05-14T01:29:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6085"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1195"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/826626"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201804-22"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4182"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103917"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWWC-8QXC-5W7F
Vulnerability from github – Published: 2024-02-27 21:31 – Updated: 2024-08-01 15:31In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: Avoid potential use after free in MHI send
It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb.
As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop its last refcount..
{
"affected": [],
"aliases": [
"CVE-2021-46973"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T19:04:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Avoid potential use after free in MHI send\n\nIt is possible that the MHI ul_callback will be invoked immediately\nfollowing the queueing of the skb for transmission, leading to the\ncallback decrementing the refcount of the associated sk and freeing the\nskb.\n\nAs such the dereference of skb and the increment of the sk refcount must\nhappen before the skb is queued, to avoid the skb to be used after free\nand potentially the sk to drop its last refcount..",
"id": "GHSA-pwwc-8qxc-5w7f",
"modified": "2024-08-01T15:31:28Z",
"published": "2024-02-27T21:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46973"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWWJ-WFMW-V2H8
Vulnerability from github – Published: 2022-11-30 00:30 – Updated: 2022-12-02 00:30Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2022-4192"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-30T00:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)",
"id": "GHSA-pwwj-wfmw-v2h8",
"modified": "2022-12-02T00:30:25Z",
"published": "2022-11-30T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4192"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1344514"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWWP-3Q7J-9MX8
Vulnerability from github – Published: 2024-09-17 21:30 – Updated: 2024-09-25 18:18A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "micropython-copy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.3.3.post3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "micropython-io"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-8947"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-25T18:18:16Z",
"nvd_published_at": "2024-09-17T19:15:29Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.",
"id": "GHSA-pwwp-3q7j-9mx8",
"modified": "2024-09-25T18:18:16Z",
"published": "2024-09-17T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8947"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/issues/13283"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/issues/13283#issuecomment-1918479709"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/commit/4bed614e707c0644c06e117f848fa12605c711cd"
},
{
"type": "WEB",
"url": "https://github.com/micropython/micropython/releases/tag/v1.23.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/micropython-copy/PYSEC-2024-92.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/micropython-io/PYSEC-2024-94.yaml"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.277765"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.277765"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.409316"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Use After Free in MicroPython"
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.