CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9804 vulnerabilities reference this CWE, most recent first.
GHSA-X88Q-X2R7-VG3G
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-40701"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:43Z",
"severity": "MODERATE"
},
"details": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module\u00a0module when the ssl_verify_client\u00a0directive is set to \"on\" or \"optional,\" and the ssl_ocsp\u00a0directive is set to \"on\" or the leaf\u00a0parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-x88q-x2r7-vg3g",
"modified": "2026-05-13T18:30:55Z",
"published": "2026-05-13T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40701"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000161021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X88X-2V2G-73X8
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-37987"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-02T22:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-x88x-2v2g-73x8",
"modified": "2022-05-24T19:19:42Z",
"published": "2022-05-24T19:19:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37987"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1206928"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X895-2928-J9F4
Vulnerability from github – Published: 2026-01-06 03:31 – Updated: 2026-01-06 21:30In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.
{
"affected": [],
"aliases": [
"CVE-2025-20780"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T02:15:42Z",
"severity": "HIGH"
},
"details": "In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.",
"id": "GHSA-x895-2928-j9f4",
"modified": "2026-01-06T21:30:32Z",
"published": "2026-01-06T03:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20780"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X89X-8GR3-3G6F
Vulnerability from github – Published: 2022-05-14 02:22 – Updated: 2025-04-12 13:02Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
{
"affected": [],
"aliases": [
"CVE-2016-4227"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-13T02:00:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.",
"id": "GHSA-x89x-8gr3-3g6f",
"modified": "2025-04-12T13:02:13Z",
"published": "2022-05-14T02:22:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4227"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1423"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201607-03"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40307"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91719"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036280"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8CV-HRXX-5GXG
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.
{
"affected": [],
"aliases": [
"CVE-2016-3179"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-24T15:59:00Z",
"severity": "MODERATE"
},
"details": "The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.",
"id": "GHSA-x8cv-hrxx-5gxg",
"modified": "2022-05-13T01:10:46Z",
"published": "2022-05-13T01:10:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3179"
},
{
"type": "WEB",
"url": "https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759"
},
{
"type": "WEB",
"url": "http://speirofr.appspot.com/files/advisory/SPADV-2016-02.md"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/03/16/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8FV-9VFW-QHV9
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50433"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:47Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Media allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-x8fv-9vfw-qhv9",
"modified": "2026-07-14T18:32:23Z",
"published": "2026-07-14T18:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50433"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50433"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8G2-2XMM-VGMC
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-7830"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T18:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-x8g2-2xmm-vgmc",
"modified": "2024-04-04T00:45:00Z",
"published": "2022-05-24T16:46:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7830"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-514"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8J8-QWWW-5JWF
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-01-21 18:31Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2011-1874"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-07-13T23:55:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"",
"id": "GHSA-x8j8-qwww-5jwf",
"modified": "2025-01-21T18:31:01Z",
"published": "2022-05-13T01:15:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1874"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12585"
},
{
"type": "WEB",
"url": "http://osvdb.org/73777"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45186"
},
{
"type": "WEB",
"url": "http://support.avaya.com/css/P8/documents/100144947"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/48587"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025761"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8JX-7MQ3-5RPV
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-37957"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-08T22:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-x8jx-7mq3-5rpv",
"modified": "2022-05-24T19:17:08Z",
"published": "2022-05-24T19:17:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37957"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1242269"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X8JX-9XWQ-XWQ6
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-06-30 03:35Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8.
{
"affected": [],
"aliases": [
"CVE-2026-2767"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T14:16:25Z",
"severity": "CRITICAL"
},
"details": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox \u003c 148 and Firefox ESR \u003c 140.8.",
"id": "GHSA-x8jx-9xwq-xwq6",
"modified": "2026-06-30T03:35:43Z",
"published": "2026-02-24T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3981"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3982"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3983"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3984"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4260"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4432"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-2767"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013741"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442328"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2767.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-15"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-17"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3361"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3492"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3496"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3515"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3516"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3978"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3979"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3980"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.