Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9814 vulnerabilities reference this CWE, most recent first.

GHSA-764W-G8WQ-QGG3

Vulnerability from github – Published: 2022-05-14 02:34 – Updated: 2025-04-11 04:10
VLAI
Details

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-1306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-05-15T03:36:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability,\" a different vulnerability than CVE-2013-1313.",
  "id": "GHSA-764w-g8wq-qgg3",
  "modified": "2025-04-11T04:10:14Z",
  "published": "2022-05-14T02:34:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1306"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16398"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40894"
    },
    {
      "type": "WEB",
      "url": "http://blog.skylined.nl/20161208001.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/140092/Microsoft-Internet-Explorer-9-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7669-733Q-3WJ7

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-10-27 03:30
VLAI
Details

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T17:15:10Z",
    "severity": "MODERATE"
  },
  "details": "nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.",
  "id": "GHSA-7669-733q-3wj7",
  "modified": "2024-10-27T03:30:24Z",
  "published": "2024-02-26T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25767"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LuMingYinDetect/nanomq_defects/blob/main/nanomq_detect_1.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-768V-PQ77-R3JH

Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:38
VLAI
Details

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T10:15:14Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Solid Edge SE2022 (All versions \u003c V222.0 Update 13), Solid Edge SE2023 (All versions \u003c V223.0 Update 4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.15), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.11), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-768v-pq77-r3jh",
  "modified": "2024-04-04T06:38:41Z",
  "published": "2023-08-08T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28830"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7696-7RQF-77FC

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:16:59Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-7696-7rqf-77fc",
  "modified": "2026-07-01T15:35:01Z",
  "published": "2026-07-01T00:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13855"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/524395469"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-769C-MXG2-6MP2

Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26
VLAI
Details

Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-06T13:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.",
  "id": "GHSA-769c-mxg2-6mp2",
  "modified": "2024-04-04T05:26:09Z",
  "published": "2023-07-06T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48512"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/7"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76F4-3487-46JF

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk

Smatch detected a potential use-after-free of an ndlp oject in dev_loss_tmo_callbk during driver unload or fatal error handling.

Fix by reordering code to avoid potential use-after-free if initial nodelist reference has been previously removed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:27Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
  "id": "GHSA-76f4-3487-46jf",
  "modified": "2025-11-19T21:31:15Z",
  "published": "2025-07-10T09:32:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38289"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f09940b5581e44069eb31a66cf7f05c3c35ed04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5162bb6aa1ec04dff4509b025883524b6d7e7ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea405fb4144985d5c60f49c2abd9ba47ea44fdb4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76F5-923V-9JC3

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: netup_unidvb: fix use-after-free at del_timer()

When Universal DVB card is detaching, netup_unidvb_dma_fini() uses del_timer() to stop dma->timeout timer. But when timer handler netup_unidvb_dma_timeout() is running, del_timer() could not stop it. As a result, the use-after-free bug could happen. The process is shown below:

(cleanup routine)          |        (timer routine)
                           | mod_timer(&dev->tx_sim_timer, ..)

netup_unidvb_finidev() | (wait a time) netup_unidvb_dma_fini() | netup_unidvb_dma_timeout() del_timer(&dma->timeout); | | ndev->pci_dev->dev //USE

Fix by changing del_timer() to del_timer_sync().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:48Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: netup_unidvb: fix use-after-free at del_timer()\n\nWhen Universal DVB card is detaching, netup_unidvb_dma_fini()\nuses del_timer() to stop dma-\u003etimeout timer. But when timer\nhandler netup_unidvb_dma_timeout() is running, del_timer()\ncould not stop it. As a result, the use-after-free bug could\nhappen. The process is shown below:\n\n    (cleanup routine)          |        (timer routine)\n                               | mod_timer(\u0026dev-\u003etx_sim_timer, ..)\nnetup_unidvb_finidev()         | (wait a time)\n  netup_unidvb_dma_fini()      | netup_unidvb_dma_timeout()\n    del_timer(\u0026dma-\u003etimeout);  |\n                               |   ndev-\u003epci_dev-\u003edev //USE\n\nFix by changing del_timer() to del_timer_sync().",
  "id": "GHSA-76f5-923v-9jc3",
  "modified": "2025-12-03T18:30:20Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53219"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07821524f67bf920342bc84ae8b3dea2a315a89e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f5bb36bf9b39a2a96e730bf4455095b50713f63"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1550bcf2983ae1220cc8ab899a39a423fa7cb523"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90229e9ee957d4514425e4a4d82c50ab5d57ac4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd5c77814f290b353917df329f36de1472d47154"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9982db735a8495eee14267cf193c806b957e942"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76GM-3X2J-87HP

Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33
VLAI
Details

Remote Desktop Client Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T18:15:27Z",
    "severity": "HIGH"
  },
  "details": "Remote Desktop Client Remote Code Execution Vulnerability",
  "id": "GHSA-76gm-3x2j-87hp",
  "modified": "2024-10-08T18:33:17Z",
  "published": "2024-10-08T18:33:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43599"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43599"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76GM-Q7XQ-V743

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28421"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-13T14:15:00Z",
    "severity": null
  },
  "details": "FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library.",
  "id": "GHSA-76gm-q7xq-v743",
  "modified": "2022-05-24T17:47:23Z",
  "published": "2022-05-24T17:47:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28421"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FluidSynth/fluidsynth/issues/808"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FluidSynth/fluidsynth/pull/810"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-76HW-GX4C-XC29

Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF), set by the reset thread, which points to unallocated memory, causing a crash.

Add flag 'io_admin_reset_sync' to synchronize access between the reset, I/O, and admin threads. Before a reset, the reset handler sets this flag to block I/O and admin processing threads. If any thread bypasses the initial check, the reset thread waits up to 10 seconds for processing to finish. If the wait exceeds 10 seconds, the controller is marked as unrecoverable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T07:16:07Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue\n\nWhen the task management thread processes reply queues while the reset\nthread resets them, the task management thread accesses an invalid queue ID\n(0xFFFF), set by the reset thread, which points to unallocated memory,\ncausing a crash.\n\nAdd flag \u0027io_admin_reset_sync\u0027 to synchronize access between the reset,\nI/O, and admin threads. Before a reset, the reset handler sets this flag to\nblock I/O and admin processing threads. If any thread bypasses the initial\ncheck, the reset thread waits up to 10 seconds for processing to finish. If\nthe wait exceeds 10 seconds, the controller is marked as unrecoverable.",
  "id": "GHSA-76hw-gx4c-xc29",
  "modified": "2025-11-12T21:31:02Z",
  "published": "2025-05-09T09:33:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37861"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65ba18c84dbd03afe9b38c06c151239d97a09834"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75b67dca4195e11ccf966a704787b2aa2754a457"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d310d66e2b0f5f9f709764641647e8a3a4924fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f195fc060c738d303a21fae146dbf85e1595fb4c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.