CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-6PM7-78W9-HJ44
Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2012-3963"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-29T10:56:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.",
"id": "GHSA-6pm7-78w9-hj44",
"modified": "2022-05-13T01:18:01Z",
"published": "2022-05-13T01:18:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3963"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=762280"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/55340"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"type": "WEB",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6PMG-H497-CQ5Q
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
{
"affected": [],
"aliases": [
"CVE-2017-16943"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-25T17:29:00Z",
"severity": "CRITICAL"
},
"details": "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.",
"id": "GHSA-6pmg-h497-cq5q",
"modified": "2022-05-13T01:10:22Z",
"published": "2022-05-13T01:10:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16943"
},
{
"type": "WEB",
"url": "https://bugs.exim.org/show_bug.cgi?id=2199"
},
{
"type": "WEB",
"url": "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde"
},
{
"type": "WEB",
"url": "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4"
},
{
"type": "WEB",
"url": "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944"
},
{
"type": "WEB",
"url": "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4053"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/11/25/1"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/11/25/2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/11/25/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039872"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PQ8-4F7J-WCW6
Vulnerability from github – Published: 2023-04-21 00:30 – Updated: 2023-04-21 00:30This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.
{
"affected": [],
"aliases": [
"CVE-2023-27352"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-20T22:15:07Z",
"severity": "HIGH"
},
"details": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.",
"id": "GHSA-6pq8-4f7j-wcw6",
"modified": "2023-04-21T00:30:21Z",
"published": "2023-04-21T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27352"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-447"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PV3-4577-4J8M
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-20952"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:22Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-6pv3-4577-4j8m",
"modified": "2026-01-13T18:31:11Z",
"published": "2026-01-13T18:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20952"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PWW-M6H5-JFM6
Vulnerability from github – Published: 2024-11-05 18:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix UAF on iso_sock_timeout
conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.
{
"affected": [],
"aliases": [
"CVE-2024-50124"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T18:15:15Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\niso_sk_list.",
"id": "GHSA-6pww-m6h5-jfm6",
"modified": "2025-11-04T00:31:55Z",
"published": "2024-11-05T18:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50124"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14bcb721d241e62fdd18f6f434a2ed2ab6e71a9b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/246b435ad668596aa0e2bbb9d491b6413861211a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/876ac72d535fa94f4ac57bba651987c6f990f646"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d75aad1d3143ca68cda52ff80ac392e1bbd84325"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q2H-RRFG-FM75
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-21251"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:26Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-6q2h-rrfg-fm75",
"modified": "2026-02-10T18:30:41Z",
"published": "2026-02-10T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21251"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q3R-4766-W5FQ
Vulnerability from github – Published: 2022-05-14 03:23 – Updated: 2022-05-14 03:23In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API.
{
"affected": [],
"aliases": [
"CVE-2017-11011"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-11T15:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API.",
"id": "GHSA-6q3r-4766-w5fq",
"modified": "2022-05-14T03:23:24Z",
"published": "2022-05-14T03:23:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11011"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q4M-8CMC-2222
Vulnerability from github – Published: 2024-09-03 15:30 – Updated: 2025-11-04 18:31The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
{
"affected": [],
"aliases": [
"CVE-2024-8384"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-03T13:15:05Z",
"severity": "CRITICAL"
},
"details": "The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Firefox ESR \u003c 115.15.",
"id": "GHSA-6q4m-8cmc-2222",
"modified": "2025-11-04T18:31:19Z",
"published": "2024-09-03T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8384"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1911288"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-39"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-40"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-41"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-43"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-44"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q4M-G67W-MR87
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).
{
"affected": [],
"aliases": [
"CVE-2021-41540"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-28T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Solid Edge SE2021 (All versions \u003c SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).",
"id": "GHSA-6q4m-g67w-mr87",
"modified": "2022-05-24T19:15:59Z",
"published": "2022-05-24T19:15:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41540"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1124"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6Q4Q-MHG5-V6XH
Vulnerability from github – Published: 2024-02-13 00:30 – Updated: 2025-11-04 00:30The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.
{
"affected": [],
"aliases": [
"CVE-2024-1454"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-12T23:15:08Z",
"severity": "LOW"
},
"details": "The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.",
"id": "GHSA-6q4q-mhg5-v6xh",
"modified": "2025-11-04T00:30:46Z",
"published": "2024-02-13T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1454"
},
{
"type": "WEB",
"url": "https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-1454"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263929"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.