Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-4WH7-45G5-WCC8

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-03T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was found in the way the Linux kernel\u0027s KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the \u0027pi_desc_page\u0027 without resetting \u0027pi_desc\u0027 descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.",
  "id": "GHSA-4wh7-45g5-wcc8",
  "modified": "2022-05-13T01:34:04Z",
  "published": "2022-05-13T01:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16882"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16882"
    },
    {
      "type": "WEB",
      "url": "https://lwn.net/Articles/775720"
    },
    {
      "type": "WEB",
      "url": "https://lwn.net/Articles/775721"
    },
    {
      "type": "WEB",
      "url": "https://marc.info/?l=kvm\u0026m=154514994222809\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K80557033"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-3"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-4"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-5"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3872-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3878-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3878-2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WPV-R6M6-XJQ5

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09
VLAI
Details

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-18T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.",
  "id": "GHSA-4wpv-r6m6-xjq5",
  "modified": "2022-05-13T01:09:55Z",
  "published": "2022-05-13T01:09:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8912"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0174"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-8912"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3930-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3930-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3931-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3931-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
    },
    {
      "type": "WEB",
      "url": "http://patchwork.ozlabs.org/patch/1042902"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107063"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WRM-6RC2-JX27

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:56Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-4wrm-6rc2-jx27",
  "modified": "2025-10-14T18:30:33Z",
  "published": "2025-10-14T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58737"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58737"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WRP-M389-3RJM

Vulnerability from github – Published: 2022-05-14 02:24 – Updated: 2025-04-12 12:58
VLAI
Details

Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-09T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031.",
  "id": "GHSA-4wrp-m389-3rjm",
  "modified": "2025-04-12T12:58:16Z",
  "published": "2022-05-14T02:24:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1017"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/85926"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035509"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-225"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WRW-JM7C-GF3X

Vulnerability from github – Published: 2022-05-14 01:28 – Updated: 2022-05-14 01:28
VLAI
Details

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-16T09:58:00Z",
    "severity": "HIGH"
  },
  "details": "sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.",
  "id": "GHSA-4wrw-jm7c-gf3x",
  "modified": "2022-05-14T01:28:46Z",
  "published": "2022-05-14T01:28:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10119"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3054"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.libreoffice.org/#/c/48751"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.libreoffice.org/#/c/48756"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.libreoffice.org/#/c/48757"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.libreoffice.org/#/c/48758"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3883-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4178"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WX9-J597-QGW7

Vulnerability from github – Published: 2022-05-17 01:08 – Updated: 2025-04-12 12:56
VLAI
Details

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-10T20:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.",
  "id": "GHSA-4wx9-j597-qgw7",
  "modified": "2025-04-12T12:56:52Z",
  "published": "2022-05-17T01:08:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0974"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-07"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39463"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034970"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X24-P8P8-R7HM

Vulnerability from github – Published: 2022-05-14 03:54 – Updated: 2022-05-14 03:54
VLAI
Details

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-11T04:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-4x24-p8p8-r7hm",
  "modified": "2022-05-14T03:54:53Z",
  "published": "2022-05-14T03:54:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2936"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-20"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95342"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X49-RXVP-4XWM

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54
VLAI
Details

In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124899895.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-2127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-20T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124899895.",
  "id": "GHSA-4x49-rxvp-4xwm",
  "modified": "2022-05-24T16:54:05Z",
  "published": "2022-05-24T16:54:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2127"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2019-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4X4H-MC66-PX8W

Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2022-08-16 00:00
VLAI
Details

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-23T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-4x4h-mc66-px8w",
  "modified": "2022-08-16T00:00:41Z",
  "published": "2021-12-24T00:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4053"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1267791"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X52-4P76-XV6V

Vulnerability from github – Published: 2024-01-03 00:30 – Updated: 2024-01-09 18:30
VLAI
Details

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-03T00:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.",
  "id": "GHSA-4x52-4p76-xv6v",
  "modified": "2024-01-09T18:30:26Z",
  "published": "2024-01-03T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49554"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yasm/yasm/issues/249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.