CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-Q32C-F6MP-GX6H
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-2606"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T20:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-q32c-f6mp-gx6h",
"modified": "2022-08-16T00:00:24Z",
"published": "2022-08-13T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2606"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1330489"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q33P-C64W-M225
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-30545"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-15T22:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-q33p-c64w-m225",
"modified": "2022-05-24T19:05:34Z",
"published": "2022-05-24T19:05:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30545"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1201031"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-06"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q34Q-MRCH-VM2X
Vulnerability from github – Published: 2024-04-10 21:30 – Updated: 2024-11-17 15:30In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free of the add_lock mutex
Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed:
spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock)
Move the put_device() after the mutex_unlock().
{
"affected": [],
"aliases": [
"CVE-2021-47195"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T19:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix use-after-free of the add_lock mutex\n\nCommit 6098475d4cb4 (\"spi: Fix deadlock when adding SPI controllers on\nSPI buses\") introduced a per-controller mutex. But mutex_unlock() of\nsaid lock is called after the controller is already freed:\n\n spi_unregister_controller(ctlr)\n -\u003e put_device(\u0026ctlr-\u003edev)\n -\u003e spi_controller_release(dev)\n -\u003e mutex_unlock(\u0026ctrl-\u003eadd_lock)\n\nMove the put_device() after the mutex_unlock().",
"id": "GHSA-q34q-mrch-vm2x",
"modified": "2024-11-17T15:30:44Z",
"published": "2024-04-10T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47195"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11eab327a2a8bd36c38afbff920ae1bd45588dd4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37330f37f6666c7739a44b2b6b95b047ccdbed2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/54c2c96eafcfd242e52e932ab54ace4784efe1dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c53b45c71b4920b5e62f0ea8079a1da382b9434"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q355-9R3F-48R9
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.
{
"affected": [],
"aliases": [
"CVE-2017-16585"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T14:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.",
"id": "GHSA-q355-9r3f-48r9",
"modified": "2022-05-13T01:37:25Z",
"published": "2022-05-13T01:37:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16585"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q356-M8PW-FRV3
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 15:30A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.
{
"affected": [],
"aliases": [
"CVE-2019-2393"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-23T16:15:00Z",
"severity": "MODERATE"
},
"details": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.",
"id": "GHSA-q356-m8pw-frv3",
"modified": "2024-01-23T15:30:55Z",
"published": "2022-05-24T17:34:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2393"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-43350"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q362-2HC9-HR5R
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2025-04-12 12:46Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
{
"affected": [],
"aliases": [
"CVE-2015-2301"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-03-30T10:59:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.",
"id": "GHSA-q362-2hc9-hr5r",
"modified": "2025-04-12T12:46:39Z",
"published": "2022-05-13T01:38:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2301"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=68901"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194747"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201606-10"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT205267"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b2cf3f064b8f5efef89bb084521b61318c71781b"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2015/03/15/6"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/73037"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1031949"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2535-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q36X-5CV4-59HH
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
The mwifiex_adapter_cleanup() function uses timer_delete() (non-synchronous) for the wakeup_timer before the adapter structure is freed. This is incorrect because timer_delete() does not wait for any running timer callback to complete.
If the wakeup_timer callback (wakeup_timer_fn) is executing when mwifiex_adapter_cleanup() is called, the callback will continue to access adapter fields (adapter->hw_status, adapter->if_ops.card_reset, etc.) which may be freed by mwifiex_free_adapter() called later in the mwifiex_remove_card() path.
Use timer_delete_sync() instead to ensure any running timer callback has completed before returning.
{
"affected": [],
"aliases": [
"CVE-2026-46069"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:28Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()\n\nThe mwifiex_adapter_cleanup() function uses timer_delete()\n(non-synchronous) for the wakeup_timer before the adapter structure is\nfreed. This is incorrect because timer_delete() does not wait for any\nrunning timer callback to complete.\n\nIf the wakeup_timer callback (wakeup_timer_fn) is executing when\nmwifiex_adapter_cleanup() is called, the callback will continue to\naccess adapter fields (adapter-\u003ehw_status, adapter-\u003eif_ops.card_reset,\netc.) which may be freed by mwifiex_free_adapter() called later in the\nmwifiex_remove_card() path.\n\nUse timer_delete_sync() instead to ensure any running timer callback has\ncompleted before returning.",
"id": "GHSA-q36x-5cv4-59hh",
"modified": "2026-06-24T18:32:29Z",
"published": "2026-05-27T15:33:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46069"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/030abbae49cf9fd1fba7aa08e15ec81efbeb78cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11869ce402d95519d49b25a2a97741f68d69d103"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1958a92599b2653d730ccb6f5685fc3fbed21812"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e179a60a60c0a5aea245e8e67768343c0f070b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/63fe3389b3e092d6c0eeea9fc0318e7918b16618"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a88f5391dc68f78cae5eb6a8cd341cafee795d3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae5e95d4157481693be2317e3ffcd84e36010cbb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3508895450cca4aeaf5dbadbb5e582363005264"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q376-JH5M-V6WP
Vulnerability from github – Published: 2025-08-26 21:31 – Updated: 2025-08-27 15:33Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2025-9478"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T19:15:51Z",
"severity": "HIGH"
},
"details": "Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-q376-jh5m-v6wp",
"modified": "2025-08-27T15:33:14Z",
"published": "2025-08-26T21:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9478"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_26.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/437825940"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q39P-C62C-433G
Vulnerability from github – Published: 2022-05-14 03:01 – Updated: 2022-05-14 03:01While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear.
{
"affected": [],
"aliases": [
"CVE-2018-5891"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-06T17:29:00Z",
"severity": "HIGH"
},
"details": "While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear.",
"id": "GHSA-q39p-c62c-433g",
"modified": "2022-05-14T03:01:06Z",
"published": "2022-05-14T03:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5891"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q39Q-JXVP-53MM
Vulnerability from github – Published: 2022-05-14 03:09 – Updated: 2024-10-21 15:32A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
{
"affected": [],
"aliases": [
"CVE-2017-5440"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"id": "GHSA-q39q-jxvp-53mm",
"modified": "2024-10-21T15:32:20Z",
"published": "2022-05-14T03:09:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5440"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336832"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.