Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-Q5J2-V8Q9-65C8

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2023-12-28 21:30
VLAI
Details

Microsoft Word Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-15T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Word Remote Code Execution Vulnerability",
  "id": "GHSA-q5j2-v8q9-65c8",
  "modified": "2023-12-28T21:30:30Z",
  "published": "2022-05-24T19:14:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38656"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38656"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5MW-FX98-RV2Q

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32
VLAI
Details

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
  "id": "GHSA-q5mw-fx98-rv2q",
  "modified": "2025-11-25T18:32:09Z",
  "published": "2022-05-14T03:10:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7802"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2456"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2534"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378147"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201803-14"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3928"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3968"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-18"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-19"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-20"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100202"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039124"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5P3-272V-JQ48

Vulnerability from github – Published: 2022-01-14 00:01 – Updated: 2022-01-15 00:02
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14862.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14862.",
  "id": "GHSA-q5p3-272v-jq48",
  "modified": "2022-01-15T00:02:29Z",
  "published": "2022-01-14T00:01:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34895"
    },
    {
      "type": "WEB",
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1484"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q5RF-FGXQ-R728

Vulnerability from github – Published: 2026-06-09 18:31 – Updated: 2026-06-09 18:31
VLAI
Details

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:44Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-q5rf-fgxq-r728",
  "modified": "2026-06-09T18:31:00Z",
  "published": "2026-06-09T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48563"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5V4-CR9J-2VF7

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5382.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5382.",
  "id": "GHSA-q5v4-cr9j-2vf7",
  "modified": "2022-05-13T01:31:39Z",
  "published": "2022-05-13T01:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9945"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-329"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q628-R862-R4HW

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19067.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:57Z",
    "severity": "HIGH"
  },
  "details": "Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19067.",
  "id": "GHSA-q628-r862-r4hw",
  "modified": "2024-05-03T03:31:04Z",
  "published": "2024-05-03T03:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44430"
    },
    {
      "type": "WEB",
      "url": "https://www.bentley.com/advisories/be-2022-0019"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q63V-PVCJ-4QMH

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:57Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.",
  "id": "GHSA-q63v-pvcj-4qmh",
  "modified": "2025-10-14T18:30:33Z",
  "published": "2025-10-14T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59189"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59189"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q648-4769-6M83

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-05-17 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete

This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfree(cmd) without unlinking it from the list first, leaving a dangling pointer. Any subsequent list traversal (e.g., mgmt_pending_foreach during __mgmt_power_off, or another mgmt_pending_valid call) would dereference freed memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:50Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete\n\nThis fixes the condition checking so mgmt_pending_valid is executed\nwhenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)\nwould kfree(cmd) without unlinking it from the list first, leaving a\ndangling pointer. Any subsequent list traversal (e.g.,\nmgmt_pending_foreach during __mgmt_power_off, or another\nmgmt_pending_valid call) would dereference freed memory.",
  "id": "GHSA-q648-4769-6m83",
  "modified": "2026-05-17T18:30:26Z",
  "published": "2026-04-22T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31511"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2074dfffad76981ca451cb7fc98703d04ac562fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/340666172cf747de58c283d2eef1f335f050538b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bafec9325d4de26b6c49db75b5d5172de652aae0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q697-JX8Q-HVF2

Vulnerability from github – Published: 2023-04-19 21:30 – Updated: 2024-04-04 03:36
VLAI
Details

In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-19T20:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758",
  "id": "GHSA-q697-jx8q-hvf2",
  "modified": "2024-04-04T03:36:07Z",
  "published": "2023-04-19T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21096"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6CH-8CP2-XFHP

Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using

Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process of the container is terminated.

This issue occurs because, under certain configurations, Docker does not properly propagate the mount replica back to the original mount point.

In this case, when the user driver detaches, the WQ is destroyed but it still calls destroy_workqueue() attempting to completes all pending work. It's necessary to check wq->wq and skip the drain if it no longer exists.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T13:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
  "id": "GHSA-q6ch-8cp2-xfhp",
  "modified": "2025-11-18T21:32:29Z",
  "published": "2025-07-25T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38369"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17502e7d7b7113346296f6758324798d536c31fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98fd66c8ba77e3a7137575f610271014bc0e701f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aee7a7439f8c0884da87694a401930204a57128f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0051a3daa8b2cb318b03b2f9317c3e40855847a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.