CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-4J6M-CXX4-9X6Q
Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2025-02-12 18:31A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
{
"affected": [],
"aliases": [
"CVE-2023-1855"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.",
"id": "GHSA-4j6m-cxx4-9x6q",
"modified": "2025-02-12T18:31:20Z",
"published": "2023-04-05T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1855"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J6X-XR54-7MGG
Vulnerability from github – Published: 2023-12-05 00:31 – Updated: 2023-12-08 18:30In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-40084"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-04T23:15:24Z",
"severity": "HIGH"
},
"details": "In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-4j6x-xr54-7mgg",
"modified": "2023-12-08T18:30:40Z",
"published": "2023-12-05T00:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40084"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/system/netd/+/1b8bddd96b2efd4074b6d4eee377b62077c031bd"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J7F-W856-R2V2
Vulnerability from github – Published: 2024-10-08 12:30 – Updated: 2024-10-08 12:30CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file.
{
"affected": [],
"aliases": [
"CVE-2024-8422"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T10:15:04Z",
"severity": "HIGH"
},
"details": "CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial\nof service and loss of confidentiality \u0026 integrity when application user opens a malicious Zelio\nSoft 2 project file.",
"id": "GHSA-4j7f-w856-r2v2",
"modified": "2024-10-08T12:30:21Z",
"published": "2024-10-08T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8422"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-282-06.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J7P-PWP5-4V56
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
ocfs2: validate bg_bits during freefrag scan
[BUG] A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.
BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline] BUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline] BUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline] BUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline] BUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754 Read of size 8 at addr ffff888031bce000 by task syz.0.636/1435 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xd1/0x650 mm/kasan/report.c:482 kasan_report+0xfb/0x140 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:186 [inline] kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200 __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] test_bit_le include/asm-generic/bitops/le.h:21 [inline] ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline] ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline] ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline] ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754 ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828 ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl fs/ioctl.c:583 [inline] __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583 ...
[CAUSE] ocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the bitmap scan limit. The coherent path reads group descriptors through ocfs2_read_group_descriptor(), which validates the descriptor before use. The non-coherent path uses ocfs2_read_blocks_sync() instead and skips that validation, so an impossible bg_bits value can drive the bitmap walk past the end of the block.
[FIX] Compute the bitmap capacity from the filesystem format with ocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds that limit, and clamp the scan to the computed capacity. This keeps the freefrag report going while avoiding reads beyond the buffer.
{
"affected": [],
"aliases": [
"CVE-2026-53040"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:15Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate bg_bits during freefrag scan\n\n[BUG]\nA crafted filesystem can trigger an out-of-bounds bitmap walk when\nOCFS2_IOC_INFO is issued with OCFS2_INFO_FL_NON_COHERENT.\n\nBUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: use-after-free in test_bit_le include/asm-generic/bitops/le.h:21 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\nBUG: KASAN: use-after-free in ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\nRead of size 8 at addr ffff888031bce000 by task syz.0.636/1435\nCall Trace:\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbe/0x130 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xd1/0x650 mm/kasan/report.c:482\n kasan_report+0xfb/0x140 mm/kasan/report.c:595\n check_region_inline mm/kasan/generic.c:186 [inline]\n kasan_check_range+0x11c/0x200 mm/kasan/generic.c:200\n __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n test_bit_le include/asm-generic/bitops/le.h:21 [inline]\n ocfs2_info_freefrag_scan_chain fs/ocfs2/ioctl.c:495 [inline]\n ocfs2_info_freefrag_scan_bitmap fs/ocfs2/ioctl.c:588 [inline]\n ocfs2_info_handle_freefrag fs/ocfs2/ioctl.c:662 [inline]\n ocfs2_info_handle_request+0x1c66/0x3370 fs/ocfs2/ioctl.c:754\n ocfs2_info_handle+0x18d/0x2a0 fs/ocfs2/ioctl.c:828\n ocfs2_ioctl+0x632/0x6e0 fs/ocfs2/ioctl.c:913\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583\n ...\n\n[CAUSE]\nocfs2_info_freefrag_scan_chain() uses on-disk bg_bits directly as the\nbitmap scan limit. The coherent path reads group descriptors through\nocfs2_read_group_descriptor(), which validates the descriptor before\nuse. The non-coherent path uses ocfs2_read_blocks_sync() instead and\nskips that validation, so an impossible bg_bits value can drive the\nbitmap walk past the end of the block.\n\n[FIX]\nCompute the bitmap capacity from the filesystem format with\nocfs2_group_bitmap_size(), report descriptors whose bg_bits exceeds\nthat limit, and clamp the scan to the computed capacity. This keeps the\nfreefrag report going while avoiding reads beyond the buffer.",
"id": "GHSA-4j7p-pwp5-4v56",
"modified": "2026-06-28T09:31:39Z",
"published": "2026-06-24T18:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53040"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05d0cbea41167b6b061c6ba5b70ee5a9a7a24c9e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0998674eec138c55e9e349b9cbd9dbc5129a9cc8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e167e230d19cd273108bab2e4c61800fc335ae8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c2d62ddde8928db12f4608950b67a20e67deab2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f687eeed3da3012152b0f9473f578869de0cd7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb2906a1065ec28de021bac2ed03f2624edd7d07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb3c54d1e71578521111f1a1ee7d5f4761a242b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0dcf12665d6dde37facf790803cdad44d5c328c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J7W-X6GV-JWVH
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-12 18:30In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix use-after-free
We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD) address instead.
{
"affected": [],
"aliases": [
"CVE-2022-50413"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:44Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix use-after-free\n\nWe\u0027ve already freed the assoc_data at this point, so need\nto use another copy of the AP (MLD) address instead.",
"id": "GHSA-4j7w-x6gv-jwvh",
"modified": "2025-12-12T18:30:28Z",
"published": "2025-09-18T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50413"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40fb87129049ec5876dabf4a4d4aed6642b31f1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aebef10affe16228462af680b88751bf137e2856"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J7X-78X6-53CX
Vulnerability from github – Published: 2023-10-25 21:30 – Updated: 2023-11-02 15:30A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2023-41976"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T19:15:09Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"id": "GHSA-4j7x-78x6-53cx",
"modified": "2023-11-02T15:30:24Z",
"published": "2023-10-25T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41976"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213986"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213987"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213988"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213984"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JMQ-69HM-3JP3
Vulnerability from github – Published: 2026-02-20 00:31 – Updated: 2026-02-20 00:31Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
{
"affected": [],
"aliases": [
"CVE-2026-2408"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T00:16:17Z",
"severity": "MODERATE"
},
"details": "Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.",
"id": "GHSA-4jmq-69hm-3jp3",
"modified": "2026-02-20T00:31:53Z",
"published": "2026-02-20T00:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2408"
},
{
"type": "WEB",
"url": "https://security.tanium.com/TAN-2026-005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JMR-68H5-QQ5J
Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-24 00:00This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.
{
"affected": [],
"aliases": [
"CVE-2022-28677"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-18T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.",
"id": "GHSA-4jmr-68h5-qq5j",
"modified": "2022-07-24T00:00:35Z",
"published": "2022-07-19T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28677"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-768"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JPQ-PPPF-54F2
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
{
"affected": [],
"aliases": [
"CVE-2011-3039"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-03-05T19:55:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.",
"id": "GHSA-4jpq-pppf-54f2",
"modified": "2022-05-13T01:27:18Z",
"published": "2022-05-13T01:27:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3039"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73650"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14904"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=113707"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48265"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48419"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48527"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5400"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5485"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5503"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/52271"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026759"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4JQM-RRQP-WMFR
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085
{
"affected": [],
"aliases": [
"CVE-2020-0330"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-17T21:15:00Z",
"severity": "MODERATE"
},
"details": "In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085",
"id": "GHSA-4jqm-rrqp-wmfr",
"modified": "2022-05-24T17:28:38Z",
"published": "2022-05-24T17:28:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0330"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-11"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.