Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-6Q58-22X4-6RCV

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-58637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:18:45Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-6q58-22x4-6rcv",
  "modified": "2026-07-14T18:32:42Z",
  "published": "2026-07-14T18:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58637"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58637"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q6R-9Q5H-H93M

Vulnerability from github – Published: 2023-06-28 00:30 – Updated: 2024-04-04 05:13
VLAI
Details

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-27T23:15:09Z",
    "severity": "HIGH"
  },
  "details": "A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.",
  "id": "GHSA-6q6r-9q5h-h93m",
  "modified": "2024-04-04T05:13:37Z",
  "published": "2023-06-28T00:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25001"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q96-22W8-MPWH

Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30
VLAI
Details

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T21:16:05Z",
    "severity": "HIGH"
  },
  "details": "Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
  "id": "GHSA-6q96-22w8-mpwh",
  "modified": "2025-05-13T21:30:56Z",
  "published": "2025-05-13T21:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20062"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6Q9J-9HM3-F2CJ

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3888"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-10-25T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.",
  "id": "GHSA-6q9j-9hm3-f2cj",
  "modified": "2022-05-13T01:26:41Z",
  "published": "2022-05-13T01:26:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3888"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70966"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73805"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13107"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=99138"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48274"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48288"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48377"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026774"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6QC3-MMCJ-4P92

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-19 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: do not allow CHAIN_ID to refer to another table

When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1.

Then, when table1 is removed, the rule will not be removed as its linked to a chain in table2. When expressions in the rule are processed or removed, that will lead to a use-after-free.

When looking for chains by ID, use the table that was used for the lookup by name, and only return chains belonging to that same table.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50212"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:52Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow CHAIN_ID to refer to another table\n\nWhen doing lookups for chains on the same batch by using its ID, a chain\nfrom a different table can be used. If a rule is added to a table but\nrefers to a chain in a different table, it will be linked to the chain in\ntable2, but would have expressions referring to objects in table1.\n\nThen, when table1 is removed, the rule will not be removed as its linked to\na chain in table2. When expressions in the rule are processed or removed,\nthat will lead to a use-after-free.\n\nWhen looking for chains by ID, use the table that was used for the lookup\nby name, and only return chains belonging to that same table.",
  "id": "GHSA-6qc3-mmcj-4p92",
  "modified": "2025-11-19T15:31:31Z",
  "published": "2025-06-18T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50212"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f49613a213d918af790c1276f79da741968de11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58e863f64ee3d0879297e5e53b646e4b91e59620"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91501513016903077f91033fa5d2aa26cac399b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95f466d22364a33d183509629d0879885b4f547e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e7dcb88ec8e85e4a8ad0ea494ea2f90f32d2583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QFX-PMXG-8GXP

Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-28 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Drop all SCM attributes for SOCKMAP.

SOCKMAP can hide inflight fd from AF_UNIX GC.

When a socket in SOCKMAP receives skb with inflight fd, sk_psock_verdict_data_ready() looks up the mapped socket and enqueue skb to its psock->ingress_skb.

Since neither the old nor the new GC can inspect the psock queue, the hidden skb leaks the inflight sockets. Note that this cannot be detected via kmemleak because inflight sockets are linked to a global list.

In addition, SOCKMAP redirect breaks the Tarjan-based GC's assumption that unix_edge.successor is always alive, which is no longer true once skb is redirected, resulting in use-after-free below. [0]

Moreover, SOCKMAP does not call scm_stat_del() properly, so unix_show_fdinfo() could report an incorrect fd count.

sk_msg_recvmsg() does not support any SCM attributes in the first place.

Let's drop all SCM attributes before passing skb to the SOCKMAP layer.

[0]: BUG: KASAN: slab-use-after-free in unix_del_edges (net/unix/garbage.c:118 net/unix/garbage.c:181 net/unix/garbage.c:251) Read of size 8 at addr ffff888125362670 by task kworker/56:1/496

CPU: 56 UID: 0 PID: 496 Comm: kworker/56:1 Not tainted 7.0.0-rc7-00263-gb9d8b856689d #3 PREEMPT(lazy) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 Workqueue: events sk_psock_backlog Call Trace: dump_stack_lvl (lib/dump_stack.c:122) print_report (mm/kasan/report.c:379) kasan_report (mm/kasan/report.c:597) unix_del_edges (net/unix/garbage.c:118 net/unix/garbage.c:181 net/unix/garbage.c:251) unix_destroy_fpl (net/unix/garbage.c:317) unix_destruct_scm (./include/net/scm.h:80 ./include/net/scm.h:86 net/unix/af_unix.c:1976) sk_psock_backlog (./include/linux/skbuff.h:?) process_scheduled_works (kernel/workqueue.c:?) worker_thread (kernel/workqueue.c:?) kthread (kernel/kthread.c:438) ret_from_fork (arch/x86/kernel/process.c:164) ret_from_fork_asm (arch/x86/entry/entry_64.S:258)

Allocated by task 955: kasan_save_track (mm/kasan/common.c:58 mm/kasan/common.c:78) __kasan_slab_alloc (mm/kasan/common.c:369) kmem_cache_alloc_noprof (mm/slub.c:4539) sk_prot_alloc (net/core/sock.c:2240) sk_alloc (net/core/sock.c:2301) unix_create1 (net/unix/af_unix.c:1099) unix_create (net/unix/af_unix.c:1169) __sock_create (net/socket.c:1606) __sys_socketpair (net/socket.c:1811) __x64_sys_socketpair (net/socket.c:1863 net/socket.c:1860 net/socket.c:1860) do_syscall_64 (arch/x86/entry/syscall_64.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Freed by task 496: kasan_save_track (mm/kasan/common.c:58 mm/kasan/common.c:78) kasan_save_free_info (mm/kasan/generic.c:587) __kasan_slab_free (mm/kasan/common.c:287) kmem_cache_free (mm/slub.c:6165) __sk_destruct (net/core/sock.c:2282 net/core/sock.c:2384) sk_psock_destroy (./include/net/sock.h:?) process_scheduled_works (kernel/workqueue.c:?) worker_thread (kernel/workqueue.c:?) kthread (kernel/kthread.c:438) ret_from_fork (arch/x86/kernel/process.c:164) ret_from_fork_asm (arch/x86/entry/entry_64.S:258)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T17:17:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Drop all SCM attributes for SOCKMAP.\n\nSOCKMAP can hide inflight fd from AF_UNIX GC.\n\nWhen a socket in SOCKMAP receives skb with inflight fd,\nsk_psock_verdict_data_ready() looks up the mapped socket and\nenqueue skb to its psock-\u003eingress_skb.\n\nSince neither the old nor the new GC can inspect the psock\nqueue, the hidden skb leaks the inflight sockets.  Note that\nthis cannot be detected via kmemleak because inflight sockets\nare linked to a global list.\n\nIn addition, SOCKMAP redirect breaks the Tarjan-based GC\u0027s\nassumption that unix_edge.successor is always alive, which\nis no longer true once skb is redirected, resulting in\nuse-after-free below. [0]\n\nMoreover, SOCKMAP does not call scm_stat_del() properly,\nso unix_show_fdinfo() could report an incorrect fd count.\n\nsk_msg_recvmsg() does not support any SCM attributes in the\nfirst place.\n\nLet\u0027s drop all SCM attributes before passing skb to the\nSOCKMAP layer.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_del_edges (net/unix/garbage.c:118 net/unix/garbage.c:181 net/unix/garbage.c:251)\nRead of size 8 at addr ffff888125362670 by task kworker/56:1/496\n\nCPU: 56 UID: 0 PID: 496 Comm: kworker/56:1 Not tainted 7.0.0-rc7-00263-gb9d8b856689d #3 PREEMPT(lazy)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\nWorkqueue: events sk_psock_backlog\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:379)\n kasan_report (mm/kasan/report.c:597)\n unix_del_edges (net/unix/garbage.c:118 net/unix/garbage.c:181 net/unix/garbage.c:251)\n unix_destroy_fpl (net/unix/garbage.c:317)\n unix_destruct_scm (./include/net/scm.h:80 ./include/net/scm.h:86 net/unix/af_unix.c:1976)\n sk_psock_backlog (./include/linux/skbuff.h:?)\n process_scheduled_works (kernel/workqueue.c:?)\n worker_thread (kernel/workqueue.c:?)\n kthread (kernel/kthread.c:438)\n ret_from_fork (arch/x86/kernel/process.c:164)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:258)\n \u003c/TASK\u003e\n\nAllocated by task 955:\n kasan_save_track (mm/kasan/common.c:58 mm/kasan/common.c:78)\n __kasan_slab_alloc (mm/kasan/common.c:369)\n kmem_cache_alloc_noprof (mm/slub.c:4539)\n sk_prot_alloc (net/core/sock.c:2240)\n sk_alloc (net/core/sock.c:2301)\n unix_create1 (net/unix/af_unix.c:1099)\n unix_create (net/unix/af_unix.c:1169)\n __sock_create (net/socket.c:1606)\n __sys_socketpair (net/socket.c:1811)\n __x64_sys_socketpair (net/socket.c:1863 net/socket.c:1860 net/socket.c:1860)\n do_syscall_64 (arch/x86/entry/syscall_64.c:?)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 496:\n kasan_save_track (mm/kasan/common.c:58 mm/kasan/common.c:78)\n kasan_save_free_info (mm/kasan/generic.c:587)\n __kasan_slab_free (mm/kasan/common.c:287)\n kmem_cache_free (mm/slub.c:6165)\n __sk_destruct (net/core/sock.c:2282 net/core/sock.c:2384)\n sk_psock_destroy (./include/net/sock.h:?)\n process_scheduled_works (kernel/workqueue.c:?)\n worker_thread (kernel/workqueue.c:?)\n kthread (kernel/kthread.c:438)\n ret_from_fork (arch/x86/kernel/process.c:164)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:258)",
  "id": "GHSA-6qfx-pmxg-8gxp",
  "modified": "2026-06-28T09:31:38Z",
  "published": "2026-06-24T18:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53005"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/965dc93481d1b80d341bdd16c27b16fe197175ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b34a1d83c74a124c968b5adb25c809db3e2eb86a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QGC-3MP9-49HF

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-4493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-07T21:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.",
  "id": "GHSA-6qgc-3mp9-49hf",
  "modified": "2022-05-13T01:25:02Z",
  "published": "2022-05-13T01:25:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4493"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12129"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=63051"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42472"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6QH2-62R9-72Q3

Vulnerability from github – Published: 2023-03-21 21:30 – Updated: 2024-10-08 21:31
VLAI
Details

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1534"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-21T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-6qh2-62r9-72q3",
  "modified": "2024-10-08T21:31:03Z",
  "published": "2023-03-21T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1534"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1422594"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-17"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171961/Chrome-GL_ShaderBinary-Untrusted-Process-Exposure.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171965/Chrome-SpvGetMappedSamplerName-Out-Of-Bounds-String-Copy.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QJH-P74Q-89MV

Vulnerability from github – Published: 2023-04-10 21:30 – Updated: 2025-10-22 00:32
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-10T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
  "id": "GHSA-6qjh-p74q-89mv",
  "modified": "2025-10-22T00:32:43Z",
  "published": "2023-04-10T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28205"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-32"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213720"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213721"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213722"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213723"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5396"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5397"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Apr/1"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Apr/2"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Apr/3"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Apr/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QJW-V5JG-MH26

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7103.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-24T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7103.",
  "id": "GHSA-6qjw-v5jg-mh26",
  "modified": "2022-05-13T01:33:50Z",
  "published": "2022-05-13T01:33:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17690"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1161"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.