CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-5RGM-9X6M-WP8V
Vulnerability from github – Published: 2022-05-14 01:03 – Updated: 2022-05-14 01:03Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2014-4060"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-08-12T21:55:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka \"CSyncBasePlayer Use After Free Vulnerability.\"",
"id": "GHSA-5rgm-9x6m-wp8v",
"modified": "2022-05-14T01:03:28Z",
"published": "2022-05-14T01:03:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4060"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-043"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60671"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/69093"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5RJF-2562-J3HX
Vulnerability from github – Published: 2025-09-02 15:31 – Updated: 2025-09-02 15:31In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826.
{
"affected": [],
"aliases": [
"CVE-2025-20706"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-01T06:15:34Z",
"severity": "HIGH"
},
"details": "In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826.",
"id": "GHSA-5rjf-2562-j3hx",
"modified": "2025-09-02T15:31:07Z",
"published": "2025-09-02T15:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20706"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/September-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RMH-6FJP-JMCP
Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 18:30In the Linux kernel, the following vulnerability has been resolved:
usb: mtu3: fix list_head check warning
This is caused by uninitialization of list_head.
BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4
Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 dump_stack+0x130/0x1a8 print_address_description+0x88/0x56c __kasan_report+0x1b8/0x2a0 kasan_report+0x14/0x20 __asan_load8+0x9c/0xa0 __list_del_entry_valid+0x34/0xe4 mtu3_req_complete+0x4c/0x300 [mtu3] mtu3_gadget_stop+0x168/0x448 [mtu3] usb_gadget_unregister_driver+0x204/0x3a0 unregister_gadget_item+0x44/0xa4
{
"affected": [],
"aliases": [
"CVE-2021-46930"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T10:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: mtu3: fix list_head check warning\n\nThis is caused by uninitialization of list_head.\n\nBUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4\n\nCall trace:\ndump_backtrace+0x0/0x298\nshow_stack+0x24/0x34\ndump_stack+0x130/0x1a8\nprint_address_description+0x88/0x56c\n__kasan_report+0x1b8/0x2a0\nkasan_report+0x14/0x20\n__asan_load8+0x9c/0xa0\n__list_del_entry_valid+0x34/0xe4\nmtu3_req_complete+0x4c/0x300 [mtu3]\nmtu3_gadget_stop+0x168/0x448 [mtu3]\nusb_gadget_unregister_driver+0x204/0x3a0\nunregister_gadget_item+0x44/0xa4",
"id": "GHSA-5rmh-6fjp-jmcp",
"modified": "2024-04-10T18:30:47Z",
"published": "2024-02-27T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46930"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/249ddfbe00570d6dc76208e88017937d4d374c79"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/585e2b244dda7ea733274e4b8fa27853d625d3bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RRC-RVC2-GQV7
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-4959"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-09T19:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-5rrc-rvc2-gqv7",
"modified": "2022-05-14T00:53:30Z",
"published": "2022-05-14T00:53:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4959"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104169"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040920"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RRQ-V3J5-CWGM
Vulnerability from github – Published: 2024-01-31 00:30 – Updated: 2025-05-08 18:30Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-1059"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-30T22:15:52Z",
"severity": "HIGH"
},
"details": "Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-5rrq-v3j5-cwgm",
"modified": "2025-05-08T18:30:30Z",
"published": "2024-01-31T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1059"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1514777"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RRV-M36H-QWF8
Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 16:55The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.
A fix was published in version 0.1.3.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "chttp"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.1"
},
{
"fixed": "0.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-16140"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:22:50Z",
"nvd_published_at": "2019-09-09T12:15:10Z",
"severity": "CRITICAL"
},
"details": "The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.\n\nA fix was published in version 0.1.3.",
"id": "GHSA-5rrv-m36h-qwf8",
"modified": "2023-06-13T16:55:57Z",
"published": "2021-08-25T20:44:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16140"
},
{
"type": "WEB",
"url": "https://github.com/sagebind/isahc/issues/2"
},
{
"type": "WEB",
"url": "https://github.com/sagebind/isahc/commit/9e9f1fb44114078c000c78c72e691eeb9e7ac260"
},
{
"type": "PACKAGE",
"url": "https://github.com/sagebind/chttp"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use-after-free in chttp"
}
GHSA-5RW6-VF4W-P4J3
Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2025-05-05 18:32Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-3215"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T18:15:22Z",
"severity": "HIGH"
},
"details": "Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-5rw6-vf4w-p4j3",
"modified": "2025-05-05T18:32:41Z",
"published": "2023-06-13T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3215"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1446274"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5428"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RW7-VR47-CWQ3
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Win32k Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30028"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:17:00Z",
"severity": "HIGH"
},
"details": "Win32k Elevation of Privilege Vulnerability",
"id": "GHSA-5rw7-vr47-cwq3",
"modified": "2024-05-14T18:31:04Z",
"published": "2024-05-14T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30028"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30028"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V58-FMFQ-47VX
Vulnerability from github – Published: 2022-05-17 01:19 – Updated: 2025-04-12 13:02Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
{
"affected": [],
"aliases": [
"CVE-2016-5136"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-23T19:59:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.",
"id": "GHSA-5v58-fmfq-47vx",
"modified": "2025-04-12T13:02:53Z",
"published": "2022-05-17T01:19:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5136"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/2116923002"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/2134613002"
},
{
"type": "WEB",
"url": "https://crbug.com/625393"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1485.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3637"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92053"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036428"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V6G-VFRC-9W8P
Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2024-10-17 15:31In the Linux kernel, the following vulnerability has been resolved:
9p: add missing locking around taking dentry fid list
Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it:
UAF thread: refcount_t: addition on 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248
Freed by: p9_fid_destroy (inlined) p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335
The problem is that d_fsdata was not accessed under d_lock, because d_release() normally is only called once the dentry is otherwise no longer accessible but since we also call it explicitly in v9fs_remove that lock is required: move the hlist out of the dentry under lock then unref its fids once they are no longer accessible.
{
"affected": [],
"aliases": [
"CVE-2024-39463"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T15:15:14Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry\u0027s d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible.",
"id": "GHSA-5v6g-vfrc-9w8p",
"modified": "2024-10-17T15:31:07Z",
"published": "2024-06-25T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39463"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.