Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-VG96-JMXW-665F

Vulnerability from github – Published: 2026-07-11 15:30 – Updated: 2026-07-11 15:30
VLAI
Details

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-61861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-11T14:16:24Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.",
  "id": "GHSA-vg96-jmxw-665f",
  "modified": "2026-07-11T15:30:24Z",
  "published": "2026-07-11T15:30:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-61861"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-in-formatmagickcaption"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VGC7-M4R9-XW45

Vulnerability from github – Published: 2026-01-25 15:30 – Updated: 2026-03-25 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix possible UAF in macvlan_forward_source()

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)).

https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-25T15:15:54Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix possible UAF in macvlan_forward_source()\n\nAdd RCU protection on (struct macvlan_source_entry)-\u003evlan.\n\nWhenever macvlan_hash_del_source() is called, we must clear\nentry-\u003evlan pointer before RCU grace period starts.\n\nThis allows macvlan_forward_source() to skip over\nentries queued for freeing.\n\nNote that macvlan_dev are already RCU protected, as they\nare embedded in a standard netdev (netdev_priv(ndev)).\n\nhttps: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u",
  "id": "GHSA-vgc7-m4r9-xw45",
  "modified": "2026-03-25T21:30:23Z",
  "published": "2026-01-25T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23001"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15f6faf36e162532bec5cc05eb3fc622108bf2ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/232afc74a6dde0fe1830988e5827921f5ec9bb3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/484919832e2db6ce1e8add92c469e5d459a516b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6dbead9c7677186f22b7981dd085a0feec1f038e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7470a7a63dc162f07c26dbf960e41ee1e248d80e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8133e85b8a3ec9f10d861e0002ec6037256e987e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8518712a2ca952d6da2238c6f0a16b4ae5ea3f13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VGFH-VGXV-C838

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

firewire: net: fix use after free in fwnet_finish_incoming_packet()

The netif_rx() function frees the skb so we can't dereference it to save the skb->len.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:47Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: net: fix use after free in fwnet_finish_incoming_packet()\n\nThe netif_rx() function frees the skb so we can\u0027t dereference it to\nsave the skb-\u003elen.",
  "id": "GHSA-vgfh-vgxv-c838",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-18T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53432"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ea70379e4f4efa95c9daa7f3f9bdd4d40aec927"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ff256751a2853e1ffaa36958ff933ccc98c6cb5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9040adc38cf6bfbb77034d558ac2c52f70d840ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9860921ab4521252dc39bb21b9c936bd09a00982"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VGGR-8W22-PX64

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:19:59Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-vggr-8w22-px64",
  "modified": "2026-06-17T18:35:45Z",
  "published": "2026-06-17T18:35:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12442"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/521950423"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VGGV-F293-VMJW

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false

A UAF issue occurs when the virtio_net driver is configured with napi_tx=N and the device's IFF_XMIT_DST_RELEASE flag is cleared (e.g., during the configuration of tc route filter rules).

When IFF_XMIT_DST_RELEASE is removed from the net_device, the network stack expects the driver to hold the reference to skb->dst until the packet is fully transmitted and freed. In virtio_net with napi_tx=N, skbs may remain in the virtio transmit ring for an extended period.

If the network namespace is destroyed while these skbs are still pending, the corresponding dst_ops structure has freed. When a subsequent packet is transmitted, free_old_xmit() is triggered to clean up old skbs. It then calls dst_release() on the skb associated with the stale dst_entry. Since the dst_ops (referenced by the dst_entry) has already been freed, a UAF kernel paging request occurs.

fix it by adds skb_dst_drop(skb) in start_xmit to explicitly release the dst reference before the skb is queued in virtio_net.

Call Trace: Unable to handle kernel paging request at virtual address ffff80007e150000 CPU: 2 UID: 0 PID: 6236 Comm: ping Kdump: loaded Not tainted 7.0.0-rc1+ #6 PREEMPT ... percpu_counter_add_batch+0x3c/0x158 lib/percpu_counter.c:98 (P) dst_release+0xe0/0x110 net/core/dst.c:177 skb_release_head_state+0xe8/0x108 net/core/skbuff.c:1177 sk_skb_reason_drop+0x54/0x2d8 net/core/skbuff.c:1255 dev_kfree_skb_any_reason+0x64/0x78 net/core/dev.c:3469 napi_consume_skb+0x1c4/0x3a0 net/core/skbuff.c:1527 __free_old_xmit+0x164/0x230 drivers/net/virtio_net.c:611 [virtio_net] free_old_xmit drivers/net/virtio_net.c:1081 [virtio_net] start_xmit+0x7c/0x530 drivers/net/virtio_net.c:3329 [virtio_net] ...

Reproduction Steps: NETDEV="enp3s0"

config_qdisc_route_filter() { tc qdisc del dev $NETDEV root tc qdisc add dev $NETDEV root handle 1: prio tc filter add dev $NETDEV parent 1:0 \ protocol ip prio 100 route to 100 flowid 1:1 ip route add 192.168.1.100/32 dev $NETDEV realm 100 }

test_ns() { ip netns add testns ip link set $NETDEV netns testns ip netns exec testns ifconfig $NETDEV 10.0.32.46/24 ip netns exec testns ping -c 1 10.0.32.1 ip netns del testns }

config_qdisc_route_filter

test_ns sleep 2 test_ns

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false\n\nA UAF issue occurs when the virtio_net driver is configured with napi_tx=N\nand the device\u0027s IFF_XMIT_DST_RELEASE flag is cleared\n(e.g., during the configuration of tc route filter rules).\n\nWhen IFF_XMIT_DST_RELEASE is removed from the net_device, the network stack\nexpects the driver to hold the reference to skb-\u003edst until the packet\nis fully transmitted and freed. In virtio_net with napi_tx=N,\nskbs may remain in the virtio transmit ring for an extended period.\n\nIf the network namespace is destroyed while these skbs are still pending,\nthe corresponding dst_ops structure has freed. When a subsequent packet\nis transmitted, free_old_xmit() is triggered to clean up old skbs.\nIt then calls dst_release() on the skb associated with the stale dst_entry.\nSince the dst_ops (referenced by the dst_entry) has already been freed,\na UAF kernel paging request occurs.\n\nfix it by adds skb_dst_drop(skb) in start_xmit to explicitly release\nthe dst reference before the skb is queued in virtio_net.\n\nCall Trace:\n Unable to handle kernel paging request at virtual address ffff80007e150000\n CPU: 2 UID: 0 PID: 6236 Comm: ping Kdump: loaded Not tainted 7.0.0-rc1+ #6 PREEMPT\n  ...\n  percpu_counter_add_batch+0x3c/0x158 lib/percpu_counter.c:98 (P)\n  dst_release+0xe0/0x110  net/core/dst.c:177\n  skb_release_head_state+0xe8/0x108 net/core/skbuff.c:1177\n  sk_skb_reason_drop+0x54/0x2d8 net/core/skbuff.c:1255\n  dev_kfree_skb_any_reason+0x64/0x78 net/core/dev.c:3469\n  napi_consume_skb+0x1c4/0x3a0 net/core/skbuff.c:1527\n  __free_old_xmit+0x164/0x230  drivers/net/virtio_net.c:611 [virtio_net]\n  free_old_xmit drivers/net/virtio_net.c:1081 [virtio_net]\n  start_xmit+0x7c/0x530 drivers/net/virtio_net.c:3329 [virtio_net]\n  ...\n\nReproduction Steps:\nNETDEV=\"enp3s0\"\n\nconfig_qdisc_route_filter() {\n    tc qdisc del dev $NETDEV root\n    tc qdisc add dev $NETDEV root handle 1: prio\n    tc filter add dev $NETDEV parent 1:0 \\\n\tprotocol ip prio 100 route to 100 flowid 1:1\n    ip route add 192.168.1.100/32 dev $NETDEV realm 100\n}\n\ntest_ns() {\n    ip netns add testns\n    ip link set $NETDEV netns testns\n    ip netns exec testns ifconfig $NETDEV  10.0.32.46/24\n    ip netns exec testns ping -c 1 10.0.32.1\n    ip netns del testns\n}\n\nconfig_qdisc_route_filter\n\ntest_ns\nsleep 2\ntest_ns",
  "id": "GHSA-vggv-f293-vmjw",
  "modified": "2026-07-14T15:31:52Z",
  "published": "2026-04-22T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31469"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63d45077b97bb0e0fe0c75931acbbca7a47af141"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a4790850e710fd6771e4d2112168ed1dd6c0e54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a18629f2525781f0f3dda7be72b204e4cf77d08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba8bda9a0896746053aa97ac6c3e08168729172c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be0e63f3b97bbaf453c542e8a15ba2a536e2ac01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1ec36cb3768574b916f20d2d7415fd14fa1bf12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f04733c4dc40c43899c3d1c97afbae5831a3770f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fedd2e1630cac920844997227ccbe7b26a76375a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VGHW-8PFJ-XHJG

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-3959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-29T10:56:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
  "id": "GHSA-vghw-8pfj-xhjg",
  "modified": "2022-05-13T01:18:02Z",
  "published": "2022-05-13T01:18:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3959"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=771994"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2553"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2554"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2556"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/55324"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1548-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1548-2"
    },
    {
      "type": "WEB",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VGMH-MQM4-8J88

Vulnerability from github – Published: 2025-03-24 16:06 – Updated: 2025-03-24 16:06
VLAI
Summary
pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints
Details

Affected versions of this crate didn't provide sufficient lifetime constraints to conversion functions from alloc::sync::Arc and alloc::rc::Rc, which made it possible to create projections of these reference counted pointers. Unlike the original reference counted pointers, these projections could outlive original data's lifetimes.

This projected pointer could cause the original Arc's or Rc's Drop::drop to get called at a point where the original data was no longer valid, leading to a potential use after free.

The affected functions were - pared::prc::Prc::from_rc - pared::prc::Prc::project - pared::prc::Prc::try_from_rc - pared::sync::Parc::from_arc - pared::sync::Parc::project - pared::sync::Parc::try_from_arc

This flaw was fixed in 108f540ea8acb6073751a1aa386085c1cdc4fd1e by requiring that the type stored in the Arcs and Rcs passed to these functions contain T: 'static.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pared"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-24T16:06:28Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Affected versions of this crate didn\u0027t provide sufficient lifetime constraints to conversion functions from `alloc::sync::Arc` and `alloc::rc::Rc`, which made it possible to create projections of these reference counted pointers. Unlike the original reference counted pointers, these projections could outlive original data\u0027s lifetimes.\n\nThis projected pointer could cause the original `Arc`\u0027s or `Rc`\u0027s `Drop::drop` to get called at a point where the original data was no longer valid, leading to a potential use after free.\n\nThe affected functions were\n- `pared::prc::Prc::from_rc`\n- `pared::prc::Prc::project`\n- `pared::prc::Prc::try_from_rc`\n- `pared::sync::Parc::from_arc`\n- `pared::sync::Parc::project`\n- `pared::sync::Parc::try_from_arc`\n\nThis flaw was fixed in [108f540ea8acb6073751a1aa386085c1cdc4fd1e](https://github.com/radekvit/pared/commit/108f540ea8acb6073751a1aa386085c1cdc4fd1e) by requiring that the type stored in the `Arc`s and `Rc`s passed to these functions contain `T: \u0027static`.",
  "id": "GHSA-vgmh-mqm4-8j88",
  "modified": "2025-03-24T16:06:28Z",
  "published": "2025-03-24T16:06:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/radekvit/pared/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radekvit/pared/commit/108f540ea8acb6073751a1aa386085c1cdc4fd1e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/radekvit/pared"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0016.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints"
}

GHSA-VGMM-5Q8C-X2QH

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:02Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-vgmm-5q8c-x2qh",
  "modified": "2026-07-01T15:35:02Z",
  "published": "2026-07-01T00:34:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13885"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/500474409"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VGP5-79VF-Q8QP

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-06 06:30
VLAI
Details

Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:17:15Z",
    "severity": "CRITICAL"
  },
  "details": "Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-vgp5-79vf-q8qp",
  "modified": "2026-06-06T06:30:28Z",
  "published": "2026-06-05T00:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11100"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/500416901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VGP8-265X-9XJ2

Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33
VLAI
Details

Windows Remote Desktop Services Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:04:37Z",
    "severity": "HIGH"
  },
  "details": "Windows Remote Desktop Services Remote Code Execution Vulnerability",
  "id": "GHSA-vgp8-265x-9xj2",
  "modified": "2024-12-12T03:33:05Z",
  "published": "2024-12-12T03:33:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49115"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.