Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-4J6M-CXX4-9X6Q

Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2025-02-12 18:31
VLAI
Details

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.",
  "id": "GHSA-4j6m-cxx4-9x6q",
  "modified": "2025-02-12T18:31:20Z",
  "published": "2023-04-05T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1855"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4J6X-XR54-7MGG

Vulnerability from github – Published: 2023-12-05 00:31 – Updated: 2023-12-08 18:30
VLAI
Details

In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-04T23:15:24Z",
    "severity": "HIGH"
  },
  "details": "In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-4j6x-xr54-7mgg",
  "modified": "2023-12-08T18:30:40Z",
  "published": "2023-12-05T00:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40084"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/system/netd/+/1b8bddd96b2efd4074b6d4eee377b62077c031bd"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4J7F-W856-R2V2

Vulnerability from github – Published: 2024-10-08 12:30 – Updated: 2024-10-08 12:30
VLAI
Details

CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T10:15:04Z",
    "severity": "HIGH"
  },
  "details": "CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial\nof service and loss of confidentiality \u0026 integrity when application user opens a malicious Zelio\nSoft 2 project file.",
  "id": "GHSA-4j7f-w856-r2v2",
  "modified": "2024-10-08T12:30:21Z",
  "published": "2024-10-08T12:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8422"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-282-06.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4J7P-PWP5-4V56

Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-28 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: validate bg_bits during freefrag scan

[BUG] A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.

BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline] BUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline] BUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline] BUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline] BUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754 Read of size 8 at addr ffff888031bce000 by task syz.0.636/1435 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xd1/0x650 mm/kasan/report.c:482 kasan_report+0xfb/0x140 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:186 [inline] kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200 __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] test_bit_le include/asm-generic/bitops/le.h:21 [inline] ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline] ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline] ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline] ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754 ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828 ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl fs/ioctl.c:583 [inline] __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583 ...

[CAUSE] ocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the bitmap scan limit. The coherent path reads group descriptors through ocfs2_read_group_descriptor(), which validates the descriptor before use. The non-coherent path uses ocfs2_read_blocks_sync() instead and skips that validation, so an impossible bg_bits value can drive the bitmap walk past the end of the block.

[FIX] Compute the bitmap capacity from the filesystem format with ocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds that limit, and clamp the scan to the computed capacity. This keeps the freefrag report going while avoiding reads beyond the buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T17:17:15Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate bg_bits during freefrag scan\n\n[BUG]\nA crafted filesystem can trigger an out-of-bounds bitmap walk when\nOCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.\n\nBUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\nRead of size 8 at addr ffff888031bce000 by task syz.0.636/1435\nCall Trace:\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xd1/0x650 mm/kasan/report.c:482\n kasan_report+0xfb/0x140 mm/kasan/report.c:595\n check_region_inline mm/kasan/generic.c:186 [inline]\n kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200\n __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n test_bit_le include/asm-generic/bitops/le.h:21 [inline]\n ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\n ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\n ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\n ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\n ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828\n ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583\n ...\n\n[CAUSE]\nocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the\nbitmap scan limit. The coherent path reads group descriptors through\nocfs2_read_group_descriptor(), which validates the descriptor before\nuse. The non-coherent path uses ocfs2_read_blocks_sync() instead and\nskips that validation, so an impossible bg_bits value can drive the\nbitmap walk past the end of the block.\n\n[FIX]\nCompute the bitmap capacity from the filesystem format with\nocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds\nthat limit, and clamp the scan to the computed capacity. This keeps the\nfreefrag report going while avoiding reads beyond the buffer.",
  "id": "GHSA-4j7p-pwp5-4v56",
  "modified": "2026-06-28T09:31:39Z",
  "published": "2026-06-24T18:32:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53040"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0998674eec138c55e9e349b9cbd9dbc5129a9cc8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e167e230d19cd273108bab2e4c61800fc335ae8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c2d62ddde8928db12f4608950b67a20e67deab2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f687eeed3da3012152b0f9473f578869de0cd7b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb2906a1065ec28de021bac2ed03f2624edd7d07"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb3c54d1e71578521111f1a1ee7d5f4761a242b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0dcf12665d6dde37facf790803cdad44d5c328c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4J7W-X6GV-JWVH

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: fix use-after-free

We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD) address instead.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:44Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix use-after-free\n\nWe\u0027ve already freed the assoc_data at this point, so need\nto use another copy of the AP (MLD) address instead.",
  "id": "GHSA-4j7w-x6gv-jwvh",
  "modified": "2025-12-12T18:30:28Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50413"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40fb87129049ec5876dabf4a4d4aed6642b31f1a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aebef10affe16228462af680b88751bf137e2856"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4J7X-78X6-53CX

Vulnerability from github – Published: 2023-10-25 21:30 – Updated: 2023-11-02 15:30
VLAI
Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-25T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
  "id": "GHSA-4j7x-78x6-53cx",
  "modified": "2023-11-02T15:30:24Z",
  "published": "2023-10-25T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41976"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213981"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213982"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213984"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213986"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213987"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213988"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213984"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/19"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/22"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/23"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/24"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/25"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4JMQ-69HM-3JP3

Vulnerability from github – Published: 2026-02-20 00:31 – Updated: 2026-02-20 00:31
VLAI
Details

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-20T00:16:17Z",
    "severity": "MODERATE"
  },
  "details": "Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.",
  "id": "GHSA-4jmq-69hm-3jp3",
  "modified": "2026-02-20T00:31:53Z",
  "published": "2026-02-20T00:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2408"
    },
    {
      "type": "WEB",
      "url": "https://security.tanium.com/TAN-2026-005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4JMR-68H5-QQ5J

Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-24 00:00
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-18T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.",
  "id": "GHSA-4jmr-68h5-qq5j",
  "modified": "2022-07-24T00:00:35Z",
  "published": "2022-07-19T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28677"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4JPQ-PPPF-54F2

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-03-05T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.",
  "id": "GHSA-4jpq-pppf-54f2",
  "modified": "2022-05-13T01:27:18Z",
  "published": "2022-05-13T01:27:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3039"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73650"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14904"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=113707"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48265"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48419"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48527"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5400"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5485"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5503"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52271"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4JQM-RRQP-WMFR

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-17T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085",
  "id": "GHSA-4jqm-rrqp-wmfr",
  "modified": "2022-05-24T17:28:38Z",
  "published": "2022-05-24T17:28:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0330"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.