Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-532V-XPQ5-8H95

Vulnerability from github – Published: 2026-04-03 02:42 – Updated: 2026-04-06 23:10
VLAI
Summary
Electron: Use-after-free in offscreen child window paint callback
Details

Impact

Apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption.

Apps are only affected if they use offscreen rendering (webPreferences.offscreen: true) and their setWindowOpenHandler permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected.

Workarounds

Deny child window creation from offscreen renderers in your setWindowOpenHandler, or ensure child windows are closed before the parent is destroyed.

Fixed Versions

  • 41.0.0
  • 40.7.0
  • 39.8.1

For more information

If there are any questions or comments about this advisory, please email security@electronjs.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "39.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "40.0.0-alpha.1"
            },
            {
              "fixed": "40.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "41.0.0-alpha.1"
            },
            {
              "fixed": "41.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T02:42:27Z",
    "nvd_published_at": "2026-04-04T00:16:18Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nApps that use offscreen rendering and allow child windows via `window.open()` may be vulnerable to a use-after-free. If the parent offscreen `WebContents` is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption.\n\nApps are only affected if they use offscreen rendering (`webPreferences.offscreen: true`) and their `setWindowOpenHandler` permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected.\n\n### Workarounds\nDeny child window creation from offscreen renderers in your `setWindowOpenHandler`, or ensure child windows are closed before the parent is destroyed.\n\n### Fixed Versions\n* `41.0.0`\n* `40.7.0`\n* `39.8.1`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)",
  "id": "GHSA-532v-xpq5-8h95",
  "modified": "2026-04-06T23:10:55Z",
  "published": "2026-04-03T02:42:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/electron/electron"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Electron: Use-after-free in offscreen child window paint callback"
}

GHSA-533F-24PJ-CVJ8

Vulnerability from github – Published: 2022-05-02 03:47 – Updated: 2024-10-21 18:30
VLAI
Details

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-3671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-09T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3674.",
  "id": "GHSA-533f-24pj-cvj8",
  "modified": "2024-10-21T18:30:42Z",
  "published": "2022-05-02T03:47:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3671"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6382"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023293"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-533J-V9V8-3C94

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-24 06:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vm: move xa_alloc to prevent UAF

Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this.

v2: - Rebase

(cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:06Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vm: move xa_alloc to prevent UAF\n\nEvil user can guess the next id of the vm before the ioctl completes and\nthen call vm destroy ioctl to trigger UAF since create ioctl is still\nreferencing the same vm. Move the xa_alloc all the way to the end to\nprevent this.\n\nv2:\n - Rebase\n\n(cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)",
  "id": "GHSA-533j-v9v8-3c94",
  "modified": "2024-10-24T06:30:28Z",
  "published": "2024-10-21T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49865"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09cf8901fc0225898311b375cfcc67bae37ed5da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74231870cf4976f69e83aa24f48edb16619f652f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-533R-CF7V-7WWJ

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:53Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-533r-cf7v-7wwj",
  "modified": "2025-10-14T18:30:32Z",
  "published": "2025-10-14T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58718"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58718"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-534J-X2X2-HV47

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 01:02
VLAI
Details

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-24T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",
  "id": "GHSA-534j-x2x2-hv47",
  "modified": "2024-04-04T01:02:44Z",
  "published": "2022-05-24T16:48:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12871"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2019-014"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-534V-34XW-2G2M

Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2025-10-22 00:32
VLAI
Details

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T03:15:12Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in DSP Services during a remote call from HLOS to DSP.",
  "id": "GHSA-534v-34xw-2g2m",
  "modified": "2025-10-22T00:32:58Z",
  "published": "2023-12-05T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33063"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33063"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-535C-FWMJ-7HHW

Vulnerability from github – Published: 2022-05-01 07:18 – Updated: 2024-02-15 21:31
VLAI
Details

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-4434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-29T00:04:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long \"header line\", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying \"The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected.\"",
  "id": "GHSA-535c-fwmj-7hhw",
  "modified": "2024-02-15T21:31:23Z",
  "published": "2022-05-01T07:18:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4434"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21637"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21641"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21696"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21700"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21749"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22369"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016753"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2006-August/000999.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1164"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:156"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openbsd.org/errata.html#sendmail3"
    },
    {
      "type": "WEB",
      "url": "http://www.openbsd.org/errata38.html#sendmail3"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/28193"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19714"
    },
    {
      "type": "WEB",
      "url": "http://www.sendmail.org/releases/8.13.8.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3393"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3994"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-536W-QXRW-JPGF

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32
VLAI
Details

Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-03T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
  "id": "GHSA-536w-qxrw-jpgf",
  "modified": "2022-05-24T17:32:56Z",
  "published": "2022-05-24T17:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15996"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_31.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1133635"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5377-3G7F-CJV4

Vulnerability from github – Published: 2022-05-14 01:25 – Updated: 2022-05-14 01:25
VLAI
Details

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "libc++abi" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-02T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"libc++abi\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling.",
  "id": "GHSA-5377-3g7f-cjv4",
  "modified": "2022-05-14T01:25:14Z",
  "published": "2022-05-14T01:25:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2441"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207601"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207602"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207615"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207617"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97137"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038138"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-53C4-FHGX-HG96

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26
VLAI
Details

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-19T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-53c4-fhgx-hg96",
  "modified": "2022-05-24T17:26:11Z",
  "published": "2022-05-24T17:26:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9722"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.