CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9812 vulnerabilities reference this CWE, most recent first.
GHSA-5X8J-6M8P-FVGX
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 03:31In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.
{
"affected": [],
"aliases": [
"CVE-2022-50087"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:37Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails\n\nWhen scpi probe fails, at any point, we need to ensure that the scpi_info\nis not set and will remain NULL until the probe succeeds. If it is not\ntaken care, then it could result use-after-free as the value is exported\nvia get_scpi_ops() and could refer to a memory allocated via devm_kzalloc()\nbut freed when the probe fails.",
"id": "GHSA-5x8j-6m8p-fvgx",
"modified": "2025-11-18T03:31:13Z",
"published": "2025-06-18T12:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50087"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08272646cd7c310642c39b7f54348fddd7987643"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c29e149b6bb498778ed8a1c9597b51acfba7856"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18048cba444a7c41dbf42c180d6b46606fc24c51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f2d7b46d6b53c07f44a4f8f8f4438888f0e9e87"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/689640efc0a2c4e07e6f88affe6d42cd40cc3f85"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87c4896d5dd7fd9927c814cf3c6289f41de3b562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XG5-FFCR-C2CC
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-08-19 18:32In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client instance uninstall process, but acceletion engine device uninstall process still use it to trace runtime information. This causes a use after free problem.
So fixes it by check the instance register state to avoid use after free.
{
"affected": [],
"aliases": [
"CVE-2021-47596"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T15:15:54Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix use-after-free bug in hclgevf_send_mbx_msg\n\nCurrently, the hns3_remove function firstly uninstall client instance,\nand then uninstall acceletion engine device. The netdevice is freed in\nclient instance uninstall process, but acceletion engine device uninstall\nprocess still use it to trace runtime information. This causes a use after\nfree problem.\n\nSo fixes it by check the instance register state to avoid use after free.",
"id": "GHSA-5xg5-ffcr-c2cc",
"modified": "2024-08-19T18:32:03Z",
"published": "2024-06-19T15:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47596"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12512bc8f25b8ba9795dfbae0e9ca57ff13fd542"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27cbf64a766e86f068ce6214f04c00ceb4db1af4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f4a353f6fe033807cd026a5de81c67469ff19b0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XH4-H2PM-54MV
Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 03:31Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-14403"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T23:16:48Z",
"severity": "HIGH"
},
"details": "Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-5xh4-h2pm-54mv",
"modified": "2026-07-02T03:31:26Z",
"published": "2026-07-02T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14403"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513298483"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XH9-FG67-82M2
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.
{
"affected": [],
"aliases": [
"CVE-2021-33453"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.",
"id": "GHSA-5xh9-fg67-82m2",
"modified": "2022-08-03T00:00:58Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33453"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/199"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XHV-W67W-545F
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
{
"affected": [],
"aliases": [
"CVE-2017-5380"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"id": "GHSA-5xhv-w67w-545f",
"modified": "2025-11-25T18:32:07Z",
"published": "2022-05-14T03:10:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5380"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95769"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XJJ-CF5G-659H
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
{
"affected": [],
"aliases": [
"CVE-2021-33468"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.",
"id": "GHSA-5xjj-cf5g-659h",
"modified": "2022-07-29T00:00:33Z",
"published": "2022-07-27T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33468"
},
{
"type": "WEB",
"url": "https://github.com/yasm/yasm/issues/162"
},
{
"type": "WEB",
"url": "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XMM-CHG9-PPMR
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
nfs: fix UAF in direct writes
In production we have been hitting the following warning consistently
------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0 Workqueue: nfsiod nfs_direct_write_schedule_work [nfs] RIP: 0010:refcount_warn_saturate+0x9c/0xe0 PKRU: 55555554 Call Trace: ? __warn+0x9f/0x130 ? refcount_warn_saturate+0x9c/0xe0 ? report_bug+0xcc/0x150 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0x9c/0xe0 nfs_direct_write_schedule_work+0x237/0x250 [nfs] process_one_work+0x12f/0x4a0 worker_thread+0x14e/0x3b0 ? ZSTD_getCParams_internal+0x220/0x220 kthread+0xdc/0x120 ? __btf_name_valid+0xa0/0xa0 ret_from_fork+0x1f/0x30
This is because we're completing the nfs_direct_request twice in a row.
The source of this is when we have our commit requests to submit, we process them and send them off, and then in the completion path for the commit requests we have
if (nfs_commit_end(cinfo.mds)) nfs_direct_write_complete(dreq);
However since we're submitting asynchronous requests we sometimes have one that completes before we submit the next one, so we end up calling complete on the nfs_direct_request twice.
The only other place we use nfs_generic_commit_list() is in __nfs_commit_inode, which wraps this call in a
nfs_commit_begin(); nfs_commit_end();
Which is a common pattern for this style of completion handling, one that is also repeated in the direct code with get_dreq()/put_dreq() calls around where we process events as well as in the completion paths.
Fix this by using the same pattern for the commit requests.
Before with my 200 node rocksdb stress running this warning would pop every 10ish minutes. With my patch the stress test has been running for several hours without popping.
{
"affected": [],
"aliases": [
"CVE-2024-26958"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:12Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix UAF in direct writes\n\nIn production we have been hitting the following warning consistently\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0\nWorkqueue: nfsiod nfs_direct_write_schedule_work [nfs]\nRIP: 0010:refcount_warn_saturate+0x9c/0xe0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x9f/0x130\n ? refcount_warn_saturate+0x9c/0xe0\n ? report_bug+0xcc/0x150\n ? handle_bug+0x3d/0x70\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? refcount_warn_saturate+0x9c/0xe0\n nfs_direct_write_schedule_work+0x237/0x250 [nfs]\n process_one_work+0x12f/0x4a0\n worker_thread+0x14e/0x3b0\n ? ZSTD_getCParams_internal+0x220/0x220\n kthread+0xdc/0x120\n ? __btf_name_valid+0xa0/0xa0\n ret_from_fork+0x1f/0x30\n\nThis is because we\u0027re completing the nfs_direct_request twice in a row.\n\nThe source of this is when we have our commit requests to submit, we\nprocess them and send them off, and then in the completion path for the\ncommit requests we have\n\nif (nfs_commit_end(cinfo.mds))\n\tnfs_direct_write_complete(dreq);\n\nHowever since we\u0027re submitting asynchronous requests we sometimes have\none that completes before we submit the next one, so we end up calling\ncomplete on the nfs_direct_request twice.\n\nThe only other place we use nfs_generic_commit_list() is in\n__nfs_commit_inode, which wraps this call in a\n\nnfs_commit_begin();\nnfs_commit_end();\n\nWhich is a common pattern for this style of completion handling, one\nthat is also repeated in the direct code with get_dreq()/put_dreq()\ncalls around where we process events as well as in the completion paths.\n\nFix this by using the same pattern for the commit requests.\n\nBefore with my 200 node rocksdb stress running this warning would pop\nevery 10ish minutes. With my patch the stress test has been running for\nseveral hours without popping.",
"id": "GHSA-5xmm-chg9-ppmr",
"modified": "2026-05-12T12:31:43Z",
"published": "2024-05-01T06:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26958"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6cd3f13aaa62970b5169d990e936b2e96943bc6a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XMM-MGWX-WW9J
Vulnerability from github – Published: 2025-06-03 00:31 – Updated: 2025-06-03 03:30Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2025-5068"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T00:15:20Z",
"severity": "HIGH"
},
"details": "Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-5xmm-mgwx-ww9j",
"modified": "2025-06-03T03:30:31Z",
"published": "2025-06-03T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5068"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/409059706"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XMP-W7P6-H5WV
Vulnerability from github – Published: 2024-02-22 06:30 – Updated: 2024-08-01 15:31A maliciously crafted IGS file when tbb.dll parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
{
"affected": [],
"aliases": [
"CVE-2024-23134"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-22T05:15:09Z",
"severity": "HIGH"
},
"details": "A maliciously crafted IGS file when tbb.dll parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.",
"id": "GHSA-5xmp-w7p6-h5wv",
"modified": "2024-08-01T15:31:27Z",
"published": "2024-02-22T06:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23134"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XQQ-GC4J-MG29
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:01It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
{
"affected": [],
"aliases": [
"CVE-2019-11752"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-27T18:15:00Z",
"severity": "HIGH"
},
"details": "It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"id": "GHSA-5xqq-gc4j-mg29",
"modified": "2024-04-04T02:01:48Z",
"published": "2022-05-24T16:57:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11752"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1501152"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201911-07"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4150-1"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-25"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-26"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-27"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-29"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-30"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.