CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-VV37-54Q4-33CJ
Vulnerability from github – Published: 2023-11-01 21:30 – Updated: 2023-11-01 21:30A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.
{
"affected": [],
"aliases": [
"CVE-2023-1193"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-01T20:15:08Z",
"severity": "MODERATE"
},
"details": "A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.",
"id": "GHSA-vv37-54q4-33cj",
"modified": "2023-11-01T21:30:19Z",
"published": "2023-11-01T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1193"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-1193"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154177"
},
{
"type": "WEB",
"url": "https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV4H-MQRQ-W4H2
Vulnerability from github – Published: 2022-05-17 03:07 – Updated: 2025-04-12 13:07The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
{
"affected": [],
"aliases": [
"CVE-2016-6892"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-05T22:59:00Z",
"severity": "HIGH"
},
"details": "The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.",
"id": "GHSA-vv4h-mqrq-w4h2",
"modified": "2025-04-12T13:07:59Z",
"published": "2022-05-17T03:07:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6892"
},
{
"type": "WEB",
"url": "https://github.com/matrixssl/matrixssl/blob/3-8-6-open/CHANGES.md"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/396440"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93498"
},
{
"type": "WEB",
"url": "http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV5X-2M86-4JV8
Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 12:31Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-9978"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T23:16:56Z",
"severity": "HIGH"
},
"details": "Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-vv5x-2m86-4jv8",
"modified": "2026-05-29T12:31:25Z",
"published": "2026-05-29T00:38:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9978"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/511741396"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV64-CX48-GWWP
Vulnerability from github – Published: 2025-08-06 09:30 – Updated: 2025-08-06 09:30Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
{
"affected": [],
"aliases": [
"CVE-2025-21456"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T08:15:26Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.",
"id": "GHSA-vv64-cx48-gwwp",
"modified": "2025-08-06T09:30:35Z",
"published": "2025-08-06T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21456"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV6J-WW6X-54GX
Vulnerability from github – Published: 2022-02-22 21:51 – Updated: 2022-04-12 15:14CVE-2022-0609: Use after free in Animation
- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609
Google is aware of reports that exploits for CVE-2022-0609 exist in the wild.
The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.
There is currently little other public information on the issue other than it has been flagged as High severity.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.Common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.OffScreen"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.WinForms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.Wpf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.Wpf.HwndHost"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.Common.NETCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.OffScreen.NETCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.WinForms.NETCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 98.1.190"
},
"package": {
"ecosystem": "NuGet",
"name": "CefSharp.Wpf.NETCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "98.1.210"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0609"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-22T21:51:19Z",
"nvd_published_at": "2022-04-05T00:15:00Z",
"severity": "HIGH"
},
"details": "CVE-2022-0609: Use after free in Animation\n\n- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609\n\nGoogle is aware of reports that exploits for CVE-2022-0609 exist in the wild.\n\nThe exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"id": "GHSA-vv6j-ww6x-54gx",
"modified": "2022-04-12T15:14:36Z",
"published": "2022-02-22T21:51:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0609"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1296150"
},
{
"type": "PACKAGE",
"url": "https://github.com/cefsharp/CefSharp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free in Animation"
}
GHSA-VV73-VF82-3769
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2022-05-14 01:10When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
{
"affected": [],
"aliases": [
"CVE-2019-6556"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-10T20:29:00Z",
"severity": "MODERATE"
},
"details": "When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",
"id": "GHSA-vv73-vf82-3769",
"modified": "2022-05-14T01:10:37Z",
"published": "2022-05-14T01:10:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6556"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV7G-8W6R-FWJX
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-30562"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-03T19:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-vv7g-8w6r-fwjx",
"modified": "2022-05-24T19:09:47Z",
"published": "2022-05-24T19:09:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30562"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1220078"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VV93-V48R-H8PJ
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET and Intel exception-info retrieval) without holding hci_req_sync_lock(). This lets it race against hci_dev_do_close() -> btintel_shutdown_combined(), which also runs __hci_cmd_sync() under the same lock. When both paths manipulate hdev->req_status/req_rsp concurrently, the close path may free the response skb first, and the still-running hw_error path hits a slab-use-after-free in kfree_skb().
Wrap the whole recovery sequence in hci_req_sync_lock/unlock so it is serialized with every other synchronous HCI command issuer.
Below is the data race report and the kasan report:
BUG: data-race in __hci_cmd_sync_sk / btintel_shutdown_combined
read of hdev->req_rsp at net/bluetooth/hci_sync.c:199 by task kworker/u17:1/83: __hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200 __hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223 btintel_hw_error+0x114/0x670 drivers/bluetooth/btintel.c:254 hci_error_reset+0x348/0xa30 net/bluetooth/hci_core.c:1030
write/free by task ioctl/22580: btintel_shutdown_combined+0xd0/0x360 drivers/bluetooth/btintel.c:3648 hci_dev_close_sync+0x9ae/0x2c10 net/bluetooth/hci_sync.c:5246 hci_dev_do_close+0x232/0x460 net/bluetooth/hci_core.c:526
BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x43/0x380 net/core/skbuff.c:1202 Read of size 4 at addr ffff888144a738dc by task kworker/u17:1/83: __hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200 __hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223 btintel_hw_error+0x186/0x670 drivers/bluetooth/btintel.c:260
{
"affected": [],
"aliases": [
"CVE-2026-31500"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:48Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock\n\nbtintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET\nand Intel exception-info retrieval) without holding\nhci_req_sync_lock(). This lets it race against\nhci_dev_do_close() -\u003e btintel_shutdown_combined(), which also runs\n__hci_cmd_sync() under the same lock. When both paths manipulate\nhdev-\u003ereq_status/req_rsp concurrently, the close path may free the\nresponse skb first, and the still-running hw_error path hits a\nslab-use-after-free in kfree_skb().\n\nWrap the whole recovery sequence in hci_req_sync_lock/unlock so it\nis serialized with every other synchronous HCI command issuer.\n\nBelow is the data race report and the kasan report:\n\n BUG: data-race in __hci_cmd_sync_sk / btintel_shutdown_combined\n\n read of hdev-\u003ereq_rsp at net/bluetooth/hci_sync.c:199\n by task kworker/u17:1/83:\n __hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200\n __hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223\n btintel_hw_error+0x114/0x670 drivers/bluetooth/btintel.c:254\n hci_error_reset+0x348/0xa30 net/bluetooth/hci_core.c:1030\n\n write/free by task ioctl/22580:\n btintel_shutdown_combined+0xd0/0x360\n drivers/bluetooth/btintel.c:3648\n hci_dev_close_sync+0x9ae/0x2c10 net/bluetooth/hci_sync.c:5246\n hci_dev_do_close+0x232/0x460 net/bluetooth/hci_core.c:526\n\n BUG: KASAN: slab-use-after-free in\n sk_skb_reason_drop+0x43/0x380 net/core/skbuff.c:1202\n Read of size 4 at addr ffff888144a738dc\n by task kworker/u17:1/83:\n __hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200\n __hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223\n btintel_hw_error+0x186/0x670 drivers/bluetooth/btintel.c:260",
"id": "GHSA-vv93-v48r-h8pj",
"modified": "2026-06-01T18:31:24Z",
"published": "2026-04-22T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31500"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f84e845648dfa86e42de5487f1a774b42f0444d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66696648af477dc87859e5e4b607112f5f29d010"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e041d0aad1d4d43d921ace052e04f4e2cacaed3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/94d8e6fe5d0818e9300e514e095a200bd5ff93ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e10a4cb72468686ffbe8bb2b0520e37f6be1a0c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7d84737663ad4a120d2d8ef1561a4df91282c2e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVFQ-8HWR-QM4M
Vulnerability from github – Published: 2025-02-18 22:36 – Updated: 2025-03-10 22:36Summary
Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6.
libxml2 v2.13.6 addresses:
- CVE-2025-24928
- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
Impact
CVE-2025-24928
Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix.
CVE-2024-56171
Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of xsd:keyref in combination with recursively defined types that have additional identity constraints.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-1395",
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-18T22:36:03Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "## Summary\n\nNokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).\n\nlibxml2 v2.13.6 addresses:\n\n- CVE-2025-24928\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\n- CVE-2024-56171\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828\n\n## Impact\n\n### CVE-2025-24928\n\nStack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix.\n\n### CVE-2024-56171\n\nUse-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints.",
"id": "GHSA-vvfq-8hwr-qm4m",
"modified": "2025-03-10T22:36:22Z",
"published": "2025-02-18T22:36:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171"
}
GHSA-VVGW-8MJP-FP2R
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
{
"affected": [],
"aliases": [
"CVE-2019-9706"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-12T01:29:00Z",
"severity": "MODERATE"
},
"details": "Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.",
"id": "GHSA-vvgw-8mjp-fp2r",
"modified": "2022-05-13T01:04:47Z",
"published": "2022-05-13T01:04:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9706"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"
},
{
"type": "WEB",
"url": "https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html"
},
{
"type": "WEB",
"url": "https://salsa.debian.org/debian/cron/commit/40791b93"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.