Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-Q3CC-7P7G-392C

Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:08
VLAI
Summary
Use after free in rusqlite
Details

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "rusqlite"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.23.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35873"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:08:56Z",
    "nvd_published_at": "2020-12-31T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.",
  "id": "GHSA-q3cc-7p7g-392c",
  "modified": "2021-08-19T21:08:56Z",
  "published": "2021-08-25T20:47:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35873"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rusqlite/rusqlite/commit/ac30e169ae51b262bc8cf7026469851ce39b23c6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rusqlite/rusqlite"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use after free in rusqlite"
}

GHSA-Q3FR-W6RP-RJ7G

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:46Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.",
  "id": "GHSA-q3fr-w6rp-rj7g",
  "modified": "2025-10-14T18:30:30Z",
  "published": "2025-10-14T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55335"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3GQ-RG4M-VGRP

Vulnerability from github – Published: 2023-11-08 21:30 – Updated: 2023-11-15 18:30
VLAI
Details

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-08T20:15:07Z",
    "severity": "HIGH"
  },
  "details": "Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-q3gq-rg4m-vgrp",
  "modified": "2023-11-15T18:30:21Z",
  "published": "2023-11-08T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5996"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1497859"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202312-07"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5551"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3J6-J6M8-FX65

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:19:59Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-q3j6-j6m8-fx65",
  "modified": "2026-06-17T18:35:46Z",
  "published": "2026-06-17T18:35:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12443"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/522566295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3MJ-V3XC-W732

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2024-10-21 15:32
VLAI
Details

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
  "id": "GHSA-q3mj-v3xc-w732",
  "modified": "2024-10-21T15:32:17Z",
  "published": "2022-05-14T03:10:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9899"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317409"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-15"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3757"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41042"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2016-94"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2016-95"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2016-96"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94885"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037461"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3RG-22FP-4CR8

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-27T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
  "id": "GHSA-q3rg-22fp-4cr8",
  "modified": "2022-05-13T01:02:44Z",
  "published": "2022-05-13T01:02:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5073"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1399"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/716474"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-20"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98861"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038622"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3RG-6598-285V

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-07-03 18:40
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix Use-After-Free in tcp_ao_connect_init

Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free.

To prevent this, it should be changed to hlist_for_each_entry_safe.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:12:27Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix Use-After-Free in tcp_ao_connect_init\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof tcp_ao_connect_init, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
  "id": "GHSA-q3rg-6598-285v",
  "modified": "2024-07-03T18:40:10Z",
  "published": "2024-05-14T15:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27394"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80e679b352c3ce5158f3f778cfb77eb767e586fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca4fb6c6764b3f75b4f5aa81db1536291897ff7f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3VM-F267-X4QX

Vulnerability from github – Published: 2026-03-12 00:31 – Updated: 2026-03-12 15:30
VLAI
Details

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-11T22:16:34Z",
    "severity": "HIGH"
  },
  "details": "Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-q3vm-f267-x4qx",
  "modified": "2026-03-12T15:30:24Z",
  "published": "2026-03-12T00:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3921"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/484946544"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3XQ-VQCX-9724

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162.",
  "id": "GHSA-q3xq-vqcx-9724",
  "modified": "2022-05-24T19:01:42Z",
  "published": "2022-05-24T19:01:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31459"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-548"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q44P-8H6W-57M6

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-30 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mac80211: fix use-after-free in CCMP/GCMP RX

When PN checking is done in mac80211, for fragmentation we need to copy the PN to the RX struct so we can later use it to do a comparison, since commit bf30ca922a0c ("mac80211: check defrag PN against current frame").

Unfortunately, in that commit I used the 'hdr' variable without it being necessarily valid, so use-after-free could occur if it was necessary to reallocate (parts of) the frame.

Fix this by reloading the variable after the code that results in the reallocations, if any.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:24Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the \u0027hdr\u0027 variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401.",
  "id": "GHSA-q44p-8h6w-57m6",
  "modified": "2024-12-30T21:30:46Z",
  "published": "2024-05-21T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47388"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.