Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-QJRV-WMMP-JVG2

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:37
VLAI
Details

The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-14T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.",
  "id": "GHSA-qjrv-wmmp-jvg2",
  "modified": "2025-04-20T03:37:40Z",
  "published": "2022-05-17T00:26:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7487"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447734"
    },
    {
      "type": "WEB",
      "url": "https://patchwork.ozlabs.org/patch/757549"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-09-01"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3886"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98439"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039237"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJW7-2JWF-RHCV

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
VLAI
Details

In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-10T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143",
  "id": "GHSA-qjw7-2jwf-rhcv",
  "modified": "2022-05-24T17:33:27Z",
  "published": "2022-05-24T17:33:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0449"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2020-11-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QJWW-GPP2-8QH6

Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:33
VLAI
Details

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T08:15:10Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption due to use after free in Core when multiple DCI clients register and deregister.",
  "id": "GHSA-qjww-gpp2-8qh6",
  "modified": "2024-04-04T04:33:46Z",
  "published": "2023-06-06T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33263"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJXR-Q7QW-GGF6

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-3941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-08T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u0027s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.",
  "id": "GHSA-qjxr-q7qw-ggf6",
  "modified": "2022-05-13T01:01:54Z",
  "published": "2022-05-13T01:01:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3941"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041769"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM39-44MJ-VQVQ

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2025-01-14 21:31
VLAI
Details

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-12T07:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.",
  "id": "GHSA-qm39-44mj-vqvq",
  "modified": "2025-01-14T21:31:41Z",
  "published": "2022-05-24T17:44:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27646"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-339"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-340"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM3W-GMJM-6HCH

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54
VLAI
Details

Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-20T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-qm3w-gmjm-6hch",
  "modified": "2022-05-24T16:54:14Z",
  "published": "2022-05-24T16:54:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8036"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QM69-CR5H-7X64

Vulnerability from github – Published: 2024-05-23 09:30 – Updated: 2025-01-07 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case:

[use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed.

[free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed.

================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-23T07:15:08Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\n\nTying the msft-\u003edata lifetime to hdev by freeing it in\nhci_release_dev() to fix the following case:\n\n[use]\nmsft_do_close()\n  msft = hdev-\u003emsft_data;\n  if (!msft)                      ...(1) \u003c- passed.\n    return;\n  mutex_lock(\u0026msft-\u003efilter_lock); ...(4) \u003c- used after freed.\n\n[free]\nmsft_unregister()\n  msft = hdev-\u003emsft_data;\n  hdev-\u003emsft_data = NULL;         ...(2)\n  kfree(msft);                    ...(3) \u003c- msft is freed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\nkernel/locking/mutex.c:752\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309",
  "id": "GHSA-qm69-cr5h-7x64",
  "modified": "2025-01-07T00:31:38Z",
  "published": "2024-05-23T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36012"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM6C-4P7W-JXRR

Vulnerability from github – Published: 2025-02-07 12:31 – Updated: 2025-02-07 12:31
VLAI
Details

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-07T10:15:11Z",
    "severity": "HIGH"
  },
  "details": "in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.",
  "id": "GHSA-qm6c-4p7w-jxrr",
  "modified": "2025-02-07T12:31:16Z",
  "published": "2025-02-07T12:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0304"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-02.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM6R-3JCR-P3FM

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-11 19:00
VLAI
Details

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.",
  "id": "GHSA-qm6r-3jcr-p3fm",
  "modified": "2022-10-11T19:00:52Z",
  "published": "2022-10-07T18:15:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39853"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM7Q-9QMG-QG28

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40419"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:20Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-qm7q-9qmg-qg28",
  "modified": "2026-05-12T18:30:45Z",
  "published": "2026-05-12T18:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40419"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.