CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9820 vulnerabilities reference this CWE, most recent first.
GHSA-PX3C-HJRM-VG8H
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.
{
"affected": [],
"aliases": [
"CVE-2011-3885"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-10-25T19:55:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.",
"id": "GHSA-px3c-hjrm-vg8h",
"modified": "2022-05-13T01:26:45Z",
"published": "2022-05-13T01:26:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3885"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70963"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73804"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13216"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=100059"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=97599"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=98064"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=98556"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=99294"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=99880"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48274"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48288"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48377"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026774"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PX4J-3W3F-839R
Vulnerability from github – Published: 2024-04-02 21:30 – Updated: 2024-04-02 21:30Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798.
{
"affected": [],
"aliases": [
"CVE-2024-30362"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-02T21:15:49Z",
"severity": "HIGH"
},
"details": "Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798.",
"id": "GHSA-px4j-3w3f-839r",
"modified": "2024-04-02T21:30:30Z",
"published": "2024-04-02T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30362"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-339"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX6H-65PJ-6GQ3
Vulnerability from github – Published: 2021-11-17 19:13 – Updated: 2025-11-03 21:30A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
{
"affected": [],
"aliases": [
"CVE-2021-42385"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-15T21:15:00Z",
"severity": "HIGH"
},
"details": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
"id": "GHSA-px6h-65pj-6gq3",
"modified": "2025-11-03T21:30:36Z",
"published": "2021-11-17T19:13:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42385"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
},
{
"type": "WEB",
"url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211223-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX7Q-GGQJ-HCF2
Vulnerability from github – Published: 2026-06-26 16:21 – Updated: 2026-06-26 16:21When an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53462"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T16:21:36Z",
"nvd_published_at": "2026-06-10T23:16:50Z",
"severity": "MODERATE"
},
"details": "When an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash.",
"id": "GHSA-px7q-ggqj-hcf2",
"modified": "2026-06-26T16:21:36Z",
"published": "2026-06-26T16:21:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53462"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails"
}
GHSA-PX7V-6VJG-48CM
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.
{
"affected": [],
"aliases": [
"CVE-2017-13154"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-06T14:29:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.",
"id": "GHSA-px7v-6vjg-48cm",
"modified": "2022-05-13T01:43:03Z",
"published": "2022-05-13T01:43:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13154"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX8F-C3GW-M3MH
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
{
"affected": [],
"aliases": [
"CVE-2011-3017"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-02-16T20:55:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.",
"id": "GHSA-px8f-c3gw-m3mh",
"modified": "2022-05-13T01:27:14Z",
"published": "2022-05-13T01:27:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3017"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14667"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=108695"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48016"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PX9H-HQW8-R2J9
Vulnerability from github – Published: 2024-04-23 09:30 – Updated: 2024-07-03 18:36QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.
{
"affected": [],
"aliases": [
"CVE-2023-48184"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T07:15:42Z",
"severity": "LOW"
},
"details": "QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.",
"id": "GHSA-px9h-hqw8-r2j9",
"modified": "2024-07-03T18:36:39Z",
"published": "2024-04-23T09:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48184"
},
{
"type": "WEB",
"url": "https://github.com/bellard/quickjs/issues/198"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PX9X-JP5P-M4G4
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 21:30In the Linux kernel, the following vulnerability has been resolved:
alloc_tag: allocate percpu counters for module tags dynamically
When a module gets unloaded it checks whether any of its tags are still in use and if so, we keep the memory containing module's allocation tags alive until all tags are unused. However percpu counters referenced by the tags are freed by free_module(). This will lead to UAF if the memory allocated by a module is accessed after module was unloaded.
To fix this we allocate percpu counters for module allocation tags dynamically and we keep it alive for tags which are still in use after module unloading. This also removes the requirement of a larger PERCPU_MODULE_RESERVE when memory allocation profiling is enabled because percpu memory for counters does not need to be reserved anymore.
{
"affected": [],
"aliases": [
"CVE-2025-38076"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T10:15:41Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nalloc_tag: allocate percpu counters for module tags dynamically\n\nWhen a module gets unloaded it checks whether any of its tags are still in\nuse and if so, we keep the memory containing module\u0027s allocation tags\nalive until all tags are unused. However percpu counters referenced by\nthe tags are freed by free_module(). This will lead to UAF if the memory\nallocated by a module is accessed after module was unloaded.\n\nTo fix this we allocate percpu counters for module allocation tags\ndynamically and we keep it alive for tags which are still in use after\nmodule unloading. This also removes the requirement of a larger\nPERCPU_MODULE_RESERVE when memory allocation profiling is enabled because\npercpu memory for counters does not need to be reserved anymore.",
"id": "GHSA-px9x-jp5p-m4g4",
"modified": "2025-11-14T21:30:27Z",
"published": "2025-06-18T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38076"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12ca42c237756182aad8ab04654c952765cb9061"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3cc733e6d96c938d2b82be96858a0ab900eb6fdc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PXC5-GV24-JRRM
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-59234"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:05Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-pxc5-gv24-jrrm",
"modified": "2025-10-14T18:30:35Z",
"published": "2025-10-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59234"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PXH8-VQH4-J2QQ
Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2022-05-14 03:56spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
{
"affected": [],
"aliases": [
"CVE-2016-5771"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-08-07T10:59:00Z",
"severity": "CRITICAL"
},
"details": "spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.",
"id": "GHSA-pxh8-vqh4-j2qq",
"modified": "2022-05-14T03:56:21Z",
"published": "2022-05-14T03:56:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5771"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=72433"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207170"
},
{
"type": "WEB",
"url": "http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3618"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/23/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91401"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.