CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-4Q9F-CG77-MM2C
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-49171"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:16:52Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-4q9f-cg77-mm2c",
"modified": "2026-07-14T18:32:00Z",
"published": "2026-07-14T18:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49171"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49171"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QCP-6VFQ-XWJ7
Vulnerability from github – Published: 2022-05-14 01:20 – Updated: 2025-04-20 03:43Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-11224"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-11T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-4qcp-6vfq-xwj7",
"modified": "2025-04-20T03:43:00Z",
"published": "2022-05-14T01:20:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11224"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100182"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039098"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-587"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QFV-QXV8-3C5X
Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-03 00:00Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
{
"affected": [],
"aliases": [
"CVE-2021-46501"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).",
"id": "GHSA-4qfv-qxv8-3c5x",
"modified": "2022-02-03T00:00:33Z",
"published": "2022-01-28T00:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46501"
},
{
"type": "WEB",
"url": "https://github.com/pcmacdon/jsish/issues/86"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4QM9-V478-VH8F
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-40358"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:14Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-4qm9-v478-vh8f",
"modified": "2026-05-12T18:30:44Z",
"published": "2026-05-12T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40358"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QMF-H383-PV4H
Vulnerability from github – Published: 2024-12-03 15:31 – Updated: 2024-12-03 15:31in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.
{
"affected": [],
"aliases": [
"CVE-2024-10074"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-03T13:15:04Z",
"severity": "HIGH"
},
"details": "in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.",
"id": "GHSA-4qmf-h383-pv4h",
"modified": "2024-12-03T15:31:24Z",
"published": "2024-12-03T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10074"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QPH-C4VR-M25P
Vulnerability from github – Published: 2024-08-22 06:30 – Updated: 2024-08-23 03:30In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: unregister flowtable hooks on netns exit
Unregister flowtable hooks before they are releases via nf_tables_flowtable_destroy() otherwise hook core reports UAF.
BUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 Read of size 4 at addr ffff8880736f7438 by task syz-executor579/3666
CPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] __dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106 print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] __kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450 kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450 nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 __nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429 nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571 nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232 nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652 nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652
__nft_release_hook() calls nft_unregister_flowtable_net_hooks() which only unregisters the hooks, then after RCU grace period, it is guaranteed that no packets add new entries to the flowtable (no flow offload rules and flowtable hooks are reachable from packet path), so it is safe to call nf_flow_table_free() which cleans up the remaining entries from the flowtable (both software and hardware) and it unbinds the flow_block.
{
"affected": [],
"aliases": [
"CVE-2022-48935"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-22T04:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unregister flowtable hooks on netns exit\n\nUnregister flowtable hooks before they are releases via\nnf_tables_flowtable_destroy() otherwise hook core reports UAF.\n\nBUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142\nRead of size 4 at addr ffff8880736f7438 by task syz-executor579/3666\n\nCPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n __dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106\n dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106\n print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n __kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450\n kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450\n nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142\n __nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429\n nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571\n nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232\n nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430\n nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline]\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652\n nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652\n\n__nft_release_hook() calls nft_unregister_flowtable_net_hooks() which\nonly unregisters the hooks, then after RCU grace period, it is\nguaranteed that no packets add new entries to the flowtable (no flow\noffload rules and flowtable hooks are reachable from packet path), so it\nis safe to call nf_flow_table_free() which cleans up the remaining\nentries from the flowtable (both software and hardware) and it unbinds\nthe flow_block.",
"id": "GHSA-4qph-c4vr-m25p",
"modified": "2024-08-23T03:30:59Z",
"published": "2024-08-22T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48935"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6069da443bf65f513bb507bb21e2f87cfb1ad0b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88c795491bf45a8c08a0f94c9ca4f13722e51013"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ffb8ac3448845f65634889b051bd65e4dee484b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b05a24cc453e3cd51b0c79e3c583b5d495eba1d6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4fcc081e527aa2ce12e956912fc47e251f6bd27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e51f30826bc5384801df98d76109c94953d1df64"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QR3-M7WW-HH9G
Vulnerability from github – Published: 2022-01-06 22:01 – Updated: 2022-01-06 20:21An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.25.0"
},
{
"fixed": "0.25.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.26.0"
},
{
"fixed": "0.26.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45717"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-05T21:15:20Z",
"nvd_published_at": "2021-12-26T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.",
"id": "GHSA-4qr3-m7ww-hh9g",
"modified": "2022-01-06T20:21:05Z",
"published": "2022-01-06T22:01:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45717"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/issues/1048"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/rusqlite/RUSTSEC-2021-0128.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0128.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use After Free in rusqlite"
}
GHSA-4QR8-V8VV-2G9W
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor.
This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor
which does not correctly free the descriptors as first nodes were not removed from the list.
{
"affected": [],
"aliases": [
"CVE-2024-46716"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T07:15:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n msgdma_free_chan_resources -\u003e msgdma_free_descriptors -\u003e\n msgdma_free_desc_list -\u003e msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.",
"id": "GHSA-4qr8-v8vv-2g9w",
"modified": "2025-11-04T00:31:26Z",
"published": "2024-09-18T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46716"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QW6-VWC8-MH38
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2025-11-04 18:30Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-4060"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:52Z",
"severity": "HIGH"
},
"details": "Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-4qw6-vwc8-mh38",
"modified": "2025-11-04T18:30:55Z",
"published": "2024-05-01T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4060"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/333420620"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QXV-PHX5-F6FX
Vulnerability from github – Published: 2023-05-08 21:31 – Updated: 2024-04-04 03:52In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
{
"affected": [],
"aliases": [
"CVE-2023-32233"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-08T20:15:20Z",
"severity": "HIGH"
},
"details": "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.",
"id": "GHSA-4qxv-phx5-f6fx",
"modified": "2024-04-04T03:52:38Z",
"published": "2023-05-08T21:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32233"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196105"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=35879660"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230616-0002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5402"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/05/08/4"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/05/15/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.