Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9811 vulnerabilities reference this CWE, most recent first.

GHSA-69G4-9GMG-F5MG

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:18:28Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-69g4-9gmg-f5mg",
  "modified": "2026-07-14T18:32:37Z",
  "published": "2026-07-14T18:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56183"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69G9-QC4V-M973

Vulnerability from github – Published: 2022-05-14 00:55 – Updated: 2022-05-14 00:55
VLAI
Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-03T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.",
  "id": "GHSA-69g9-qc4v-m973",
  "modified": "2022-05-14T00:55:58Z",
  "published": "2022-05-14T00:55:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19827"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sass/libsass/issues/2782"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69H7-V29J-QWRM

Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-12 00:00
VLAI
Details

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-11T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-69h7-v29j-qwrm",
  "modified": "2022-05-12T00:00:52Z",
  "published": "2022-05-12T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28242"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69M3-G558-7XX3

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2023-01-09 18:30
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.",
  "id": "GHSA-69m3-g558-7xx3",
  "modified": "2023-01-09T18:30:28Z",
  "published": "2022-05-24T19:13:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30741"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69MG-VW3H-XM3V

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Input: edt-ft5x06 - fix use-after-free in debugfs teardown

The commit 68743c500c6e ("Input: edt-ft5x06 - use per-client debugfs directory") removed the manual debugfs teardown, relying on the I2C core to handle it. However, this creates a window where debugfs files are still accessible after edt_ft5x06_ts_teardown_debugfs() frees tsdata->raw_buffer.

To prevent a use-after-free, protect the freeing of raw_buffer with the device mutex and set raw_buffer to NULL. The debugfs read function already checks if raw_buffer is NULL under the same mutex, so this safely avoids the use-after-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:31Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: edt-ft5x06 - fix use-after-free in debugfs teardown\n\nThe commit 68743c500c6e (\"Input: edt-ft5x06 - use per-client debugfs\ndirectory\") removed the manual debugfs teardown, relying on the I2C core\nto handle it. However, this creates a window where debugfs files are\nstill accessible after edt_ft5x06_ts_teardown_debugfs() frees\ntsdata-\u003eraw_buffer.\n\nTo prevent a use-after-free, protect the freeing of raw_buffer with the\ndevice mutex and set raw_buffer to NULL. The debugfs read function\nalready checks if raw_buffer is NULL under the same mutex, so this\nsafely avoids the use-after-free.",
  "id": "GHSA-69mg-vw3h-xm3v",
  "modified": "2026-06-25T21:31:21Z",
  "published": "2026-05-27T15:33:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46097"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f6c5e7b747d40e1c65cbfcb975857d25154c075"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a516d43886623e3cca5fa3446bed8fc7c7982be2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5f9e07060519e2287e99019a6de1eb3ebb65c37"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69PX-R2HQ-HMW3

Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04
VLAI
Details

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-24T16:40:00Z",
    "severity": "LOW"
  },
  "details": "Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.",
  "id": "GHSA-69px-r2hq-hmw3",
  "modified": "2022-05-14T01:04:04Z",
  "published": "2022-05-14T01:04:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0131"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074589"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/10/4"
    },
    {
      "type": "WEB",
      "url": "http://www.spinics.net/lists/netdev/msg274250.html"
    },
    {
      "type": "WEB",
      "url": "http://www.spinics.net/lists/netdev/msg274316.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-69Q2-QMCC-6RH3

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:52Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-69q2-qmcc-6rh3",
  "modified": "2025-07-08T18:31:46Z",
  "published": "2025-07-08T18:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49677"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49677"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69Q9-9JGH-W2QC

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-69q9-9jgh-w2qc",
  "modified": "2022-05-24T19:01:48Z",
  "published": "2022-05-24T19:01:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1891"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-69VJ-962M-HMHV

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-27T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-69vj-962m-hmhv",
  "modified": "2022-05-24T17:32:27Z",
  "published": "2022-05-24T17:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8846"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210785"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210790"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210792"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210793"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210794"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT210795"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-69VV-8R9H-G8X5

Vulnerability from github – Published: 2022-10-21 12:00 – Updated: 2022-10-24 19:00
VLAI
Details

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-21T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.",
  "id": "GHSA-69vv-8r9h-g8x5",
  "modified": "2022-10-24T19:00:17Z",
  "published": "2022-10-21T12:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3625"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211929"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.