CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-2938-5HF8-58M3
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
ima: Fix use-after-free on a dentry's dname.name
->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.
{
"affected": [],
"aliases": [
"CVE-2024-39494"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:12Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry\u0027s dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent\u0027s inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.",
"id": "GHSA-2938-5hf8-58m3",
"modified": "2025-11-04T00:30:51Z",
"published": "2024-07-12T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39494"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/480afcbeb7aaaa22677d3dd48ec590b441eaac1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-294C-HPXH-5QRX
Vulnerability from github – Published: 2023-10-25 21:30 – Updated: 2025-11-04 21:30A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
{
"affected": [],
"aliases": [
"CVE-2023-5380"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T20:15:18Z",
"severity": "MODERATE"
},
"details": "A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.",
"id": "GHSA-294c-hpxh-5qrx",
"modified": "2025-11-04T21:30:46Z",
"published": "2023-10-25T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5380"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5534"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231130-0004"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-30"
},
{
"type": "WEB",
"url": "https://lists.x.org/archives/xorg-announce/2023-October/003430.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244736"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-5380"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3067"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2995"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2298"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2169"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7428"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2956-GJ54-R9FG
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Windows Graphics Component Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38085"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:44Z",
"severity": "HIGH"
},
"details": "Windows Graphics Component Elevation of Privilege Vulnerability",
"id": "GHSA-2956-gj54-r9fg",
"modified": "2024-07-09T18:30:52Z",
"published": "2024-07-09T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38085"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-295V-HJGH-6C75
Vulnerability from github – Published: 2023-07-25 21:31 – Updated: 2024-04-04 06:21GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
{
"affected": [],
"aliases": [
"CVE-2023-39129"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-25T19:15:11Z",
"severity": "MODERATE"
},
"details": "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.",
"id": "GHSA-295v-hjgh-6c75",
"modified": "2024-04-04T06:21:15Z",
"published": "2023-07-25T21:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39129"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30640"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-298C-RVVP-XH7Q
Vulnerability from github – Published: 2024-07-29 15:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
ASoC: topology: Fix references to freed memory
Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup(), to allocate memory as needed.
{
"affected": [],
"aliases": [
"CVE-2024-41069"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T15:15:14Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
"id": "GHSA-298c-rvvp-xh7q",
"modified": "2025-11-04T00:31:01Z",
"published": "2024-07-29T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41069"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29GG-QVJ7-46C7
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-47165"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:23:36Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-29gg-qvj7-46c7",
"modified": "2025-06-10T18:32:30Z",
"published": "2025-06-10T18:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47165"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47165"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29PG-8Q2M-R6XM
Vulnerability from github – Published: 2026-04-29 15:30 – Updated: 2026-06-25 21:31Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.
Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.
{
"affected": [],
"aliases": [
"CVE-2026-7111"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-29T15:16:09Z",
"severity": "HIGH"
},
"details": "Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.\n\nThe Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.\n\nCalling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.",
"id": "GHSA-29pg-8q2m-r6xm",
"modified": "2026-06-25T21:31:18Z",
"published": "2026-04-29T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7111"
},
{
"type": "WEB",
"url": "https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224.patch"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00037.html"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/HMBRAND/Text-CSV_XS-1.62/changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/29/17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29QV-H4J6-WVJ9
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.
{
"affected": [],
"aliases": [
"CVE-2010-1823"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-24T19:00:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.",
"id": "GHSA-29qv-h4j6-wvj9",
"modified": "2022-05-13T01:24:50Z",
"published": "2022-05-13T01:24:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1823"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=43055"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=44533"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=50250"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43068"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4808"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4981"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0212"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-29R6-F3MM-4W5F
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
power: supply: pf1550: Fix use-after-free in power_supply_changed()
Using the devm_ variant for requesting IRQ before the devm_
variant for allocating/registering the power_supply handle, means that
the power_supply handle will be deallocated/unregistered before the
interrupt handler (since devm_ naturally deallocates in reverse
allocation order). This means that during removal, there is a race
condition where an interrupt can fire just after the power_supply
handle has been freed, but just before the corresponding
unregistration of the IRQ handler has run.
This will lead to the IRQ handler calling power_supply_changed() with
a freed power_supply handle. Which usually crashes the system or
otherwise silently corrupts the memory...
Note that there is a similar situation which can also happen during
probe(); the possibility of an interrupt firing before registering
the power_supply handle. This would then lead to the nasty situation
of using the power_supply handle uninitialized in
power_supply_changed().
Fix this racy use-after-free by making sure the IRQ is requested after
the registration of the power_supply handle.
{
"affected": [],
"aliases": [
"CVE-2026-45906"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: pf1550: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle.",
"id": "GHSA-29r6-f3mm-4w5f",
"modified": "2026-06-24T18:32:27Z",
"published": "2026-05-27T15:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45906"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bdefeed904f1f17e1f73a4d8a035515f3a9fad8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/838767f5074700552d3f006d867caed65edc7328"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29W5-279F-VR72
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().
{
"affected": [],
"aliases": [
"CVE-2024-27052"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:50Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work\n\nThe workqueue might still be running, when the driver is stopped. To\navoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().",
"id": "GHSA-29w5-279f-vr72",
"modified": "2026-05-12T12:31:44Z",
"published": "2024-05-01T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27052"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e45b1361"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.