CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-WG5X-3J3H-VR62
Vulnerability from github – Published: 2024-08-21 09:31 – Updated: 2024-09-11 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: Fix GEM handle creation UAF
Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done after we are done dereferencing the object.
{
"affected": [],
"aliases": [
"CVE-2022-48899"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T07:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Fix GEM handle creation UAF\n\nUserspace can guess the handle value and try to race GEM object creation\nwith handle close, resulting in a use-after-free if we dereference the\nobject after dropping the handle\u0027s reference. For that reason, dropping\nthe handle\u0027s reference must be done *after* we are done dereferencing\nthe object.",
"id": "GHSA-wg5x-3j3h-vr62",
"modified": "2024-09-11T18:31:02Z",
"published": "2024-08-21T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48899"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/011ecdbcd520c90c344b872ca6b4821f7783b2f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19ec87d06acfab2313ee82b2a689bf0c154e57ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/52531258318ed59a2dc5a43df2eaf0eb1d65438e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/68bcd063857075d2f9edfed6024387ac377923e2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/adc48e5e408afbb01d261bd303fd9fbbbaa3e317"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d01d6d2b06c0d8390adf8f3ba08aa60b5642ef73"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WG67-7CXP-7WP8
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-06-30 03:36In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Do not skip unrelated mode changes in DSC validation
Starting with commit 17ce8a6907f7 ("drm/amd/display: Add dsc pre-validation in atomic check"), amdgpu resets the CRTC state mode_changed flag to false when recomputing the DSC configuration results in no timing change for a particular stream.
However, this is incorrect in scenarios where a change in MST/DSC configuration happens in the same KMS commit as another (unrelated) mode change. For example, the integrated panel of a laptop may be configured differently (e.g., HDR enabled/disabled) depending on whether external screens are attached. In this case, plugging in external DP-MST screens may result in the mode_changed flag being dropped incorrectly for the integrated panel if its DSC configuration did not change during precomputation in pre_validate_dsc().
At this point, however, dm_update_crtc_state() has already created new streams for CRTCs with DSC-independent mode changes. In turn, amdgpu_dm_commit_streams() will never release the old stream, resulting in a memory leak. amdgpu_dm_atomic_commit_tail() will never acquire a reference to the new stream either, which manifests as a use-after-free when the stream gets disabled later on:
BUG: KASAN: use-after-free in dc_stream_release+0x25/0x90 [amdgpu] Write of size 4 at addr ffff88813d836524 by task kworker/9:9/29977
Workqueue: events drm_mode_rmfb_work_fn Call Trace: dump_stack_lvl+0x6e/0xa0 print_address_description.constprop.0+0x88/0x320 ? dc_stream_release+0x25/0x90 [amdgpu] print_report+0xfc/0x1ff ? srso_alias_return_thunk+0x5/0xfbef5 ? __virt_addr_valid+0x225/0x4e0 ? dc_stream_release+0x25/0x90 [amdgpu] kasan_report+0xe1/0x180 ? dc_stream_release+0x25/0x90 [amdgpu] kasan_check_range+0x125/0x200 dc_stream_release+0x25/0x90 [amdgpu] dc_state_destruct+0x14d/0x5c0 [amdgpu] dc_state_release.part.0+0x4e/0x130 [amdgpu] dm_atomic_destroy_state+0x3f/0x70 [amdgpu] drm_atomic_state_default_clear+0x8ee/0xf30 ? drm_mode_object_put.part.0+0xb1/0x130 __drm_atomic_state_free+0x15c/0x2d0 atomic_remove_fb+0x67e/0x980
Since there is no reliable way of figuring out whether a CRTC has unrelated mode changes pending at the time of DSC validation, remember the value of the mode_changed flag from before the point where a CRTC was marked as potentially affected by a change in DSC configuration. Reset the mode_changed flag to this earlier value instead in pre_validate_dsc().
(cherry picked from commit cc7c7121ae082b7b82891baa7280f1ff2608f22b)
{
"affected": [],
"aliases": [
"CVE-2026-31488"
],
"database_specific": {
"cwe_ids": [
"CWE-1288",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:46Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not skip unrelated mode changes in DSC validation\n\nStarting with commit 17ce8a6907f7 (\"drm/amd/display: Add dsc pre-validation in\natomic check\"), amdgpu resets the CRTC state mode_changed flag to false when\nrecomputing the DSC configuration results in no timing change for a particular\nstream.\n\nHowever, this is incorrect in scenarios where a change in MST/DSC configuration\nhappens in the same KMS commit as another (unrelated) mode change. For example,\nthe integrated panel of a laptop may be configured differently (e.g., HDR\nenabled/disabled) depending on whether external screens are attached. In this\ncase, plugging in external DP-MST screens may result in the mode_changed flag\nbeing dropped incorrectly for the integrated panel if its DSC configuration\ndid not change during precomputation in pre_validate_dsc().\n\nAt this point, however, dm_update_crtc_state() has already created new streams\nfor CRTCs with DSC-independent mode changes. In turn,\namdgpu_dm_commit_streams() will never release the old stream, resulting in a\nmemory leak. amdgpu_dm_atomic_commit_tail() will never acquire a reference to\nthe new stream either, which manifests as a use-after-free when the stream gets\ndisabled later on:\n\nBUG: KASAN: use-after-free in dc_stream_release+0x25/0x90 [amdgpu]\nWrite of size 4 at addr ffff88813d836524 by task kworker/9:9/29977\n\nWorkqueue: events drm_mode_rmfb_work_fn\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xa0\n print_address_description.constprop.0+0x88/0x320\n ? dc_stream_release+0x25/0x90 [amdgpu]\n print_report+0xfc/0x1ff\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __virt_addr_valid+0x225/0x4e0\n ? dc_stream_release+0x25/0x90 [amdgpu]\n kasan_report+0xe1/0x180\n ? dc_stream_release+0x25/0x90 [amdgpu]\n kasan_check_range+0x125/0x200\n dc_stream_release+0x25/0x90 [amdgpu]\n dc_state_destruct+0x14d/0x5c0 [amdgpu]\n dc_state_release.part.0+0x4e/0x130 [amdgpu]\n dm_atomic_destroy_state+0x3f/0x70 [amdgpu]\n drm_atomic_state_default_clear+0x8ee/0xf30\n ? drm_mode_object_put.part.0+0xb1/0x130\n __drm_atomic_state_free+0x15c/0x2d0\n atomic_remove_fb+0x67e/0x980\n\nSince there is no reliable way of figuring out whether a CRTC has unrelated\nmode changes pending at the time of DSC validation, remember the value of the\nmode_changed flag from before the point where a CRTC was marked as potentially\naffected by a change in DSC configuration. Reset the mode_changed flag to this\nearlier value instead in pre_validate_dsc().\n\n(cherry picked from commit cc7c7121ae082b7b82891baa7280f1ff2608f22b)",
"id": "GHSA-wg67-7cxp-7wp8",
"modified": "2026-06-30T03:36:22Z",
"published": "2026-04-22T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31488"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27353"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27354"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30848"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-31488"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460619"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10862e344b4d6434642a48c87d765813fc0b0ba7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/111208b5b7ebcdadb3f922cc52d8425f0fa91b33"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21159d8b335a6b9f44cbb506733013a902ae2da4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a5edc97fd9c6415ff2eff872748439a97e3c3d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aed3d041ab061ec8a64f50a3edda0f4db7280025"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da1d0ed31e9802fd99384f43cc63678a5a11cb41"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31488.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WG7Q-76H6-PQH7
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-53802"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:50Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-wg7q-76h6-pqh7",
"modified": "2025-09-09T18:31:19Z",
"published": "2025-09-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53802"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53802"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WG97-QRH5-P5PR
Vulnerability from github – Published: 2022-05-17 01:08 – Updated: 2025-10-22 00:31Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
{
"affected": [],
"aliases": [
"CVE-2016-0984"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-10T20:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.",
"id": "GHSA-wg97-qrh5-p5pr",
"modified": "2025-10-22T00:31:12Z",
"published": "2022-05-17T01:08:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0984"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0984"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/39462"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034970"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WGC7-WQ7G-P4GW
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-8608"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-wgc7-wq7g-p4gw",
"modified": "2022-05-24T17:04:19Z",
"published": "2022-05-24T17:04:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8608"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210118"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210119"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210120"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210123"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210124"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210125"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210212"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WGC8-2WWH-F797
Vulnerability from github – Published: 2022-05-17 03:08 – Updated: 2022-05-17 03:08Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075.
{
"affected": [],
"aliases": [
"CVE-2015-3055"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-05-13T10:59:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075.",
"id": "GHSA-wgc8-2wwh-f797",
"modified": "2022-05-17T03:08:08Z",
"published": "2022-05-17T03:08:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3055"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74602"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032284"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-213"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WGGX-8WF7-VG3G
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-07-01 00:01A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
{
"affected": [],
"aliases": [
"CVE-2020-1712"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-31T17:15:00Z",
"severity": "MODERATE"
},
"details": "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.",
"id": "GHSA-wggx-8wf7-vg3g",
"modified": "2022-07-01T00:01:11Z",
"published": "2022-05-24T17:12:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1712"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/02/05/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WGM3-F6X3-RJ6J
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-11 15:30Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2025-2136"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T21:15:40Z",
"severity": "HIGH"
},
"details": "Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-wgm3-f6x3-rj6j",
"modified": "2025-03-11T15:30:58Z",
"published": "2025-03-10T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2136"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/395032416"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WGP4-F98J-859W
Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-02-26 00:00This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15367.
{
"affected": [],
"aliases": [
"CVE-2021-46573"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-18T20:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15367.",
"id": "GHSA-wgp4-f98j-859w",
"modified": "2022-02-26T00:00:54Z",
"published": "2022-02-19T00:01:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46573"
},
{
"type": "WEB",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-160"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WGPM-4XGR-4MHP
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
{
"affected": [],
"aliases": [
"CVE-2020-13630"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-27T15:15:00Z",
"severity": "HIGH"
},
"details": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",
"id": "GHSA-wgpm-4xgr-4mhp",
"modified": "2022-05-24T17:18:45Z",
"published": "2022-05-24T17:18:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13630"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4394-1"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211952"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211935"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211931"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211850"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211844"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211843"
},
{
"type": "WEB",
"url": "https://sqlite.org/src/info/0d69f76f0865f962"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200608-0002"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.