Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-HR37-5GJX-8539

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-16 00:01
VLAI
Details

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418.",
  "id": "GHSA-hr37-5gjx-8539",
  "modified": "2022-04-16T00:01:08Z",
  "published": "2022-04-12T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20062"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/April-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR4V-Q74P-MJ4P

Vulnerability from github – Published: 2022-11-30 00:30 – Updated: 2022-12-02 00:30
VLAI
Details

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-30T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-hr4v-q74p-mj4p",
  "modified": "2022-12-02T00:30:24Z",
  "published": "2022-11-30T00:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4178"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1376099"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-10"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR5C-W8M8-MFQX

Vulnerability from github – Published: 2024-11-20 00:32 – Updated: 2024-11-20 18:32
VLAI
Details

In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T22:15:18Z",
    "severity": "HIGH"
  },
  "details": "In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-hr5c-w8m8-mfqx",
  "modified": "2024-11-20T18:32:16Z",
  "published": "2024-11-20T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9417"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR73-XMQH-3GCC

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup. The sequence of operations that may lead to a UAF bug is as follows:

CPU0 CPU1

                  |  ether3_ledoff

ether3_remove | free_netdev(dev); | put_devic | kfree(dev); | | ether3_outw(priv(dev)->regs.config2 |= CFG2_CTRLO, REG_CONFIG2); | // use dev

Fix it by ensuring that the timer is canceled before proceeding with the cleanup in ether3_remove.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T13:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0                                    CPU1\n\n                      |  ether3_ledoff\nether3_remove         |\n  free_netdev(dev);   |\n  put_devic           |\n  kfree(dev);         |\n |  ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n                      | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove.",
  "id": "GHSA-hr73-xmqh-3gcc",
  "modified": "2026-05-12T12:32:10Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47747"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c57d61a43293252ad732007c7070fdb112545fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25d559ed2beec9b34045886100dac46d1ad92eba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/338a0582b28e69460df03af50e938b86b4206353"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/516dbc6d16637430808c39568cbb6b841d32b55b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/77a77331cef0a219b8dd91361435eeef04cb741c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/822c7bb1f6f8b0331e8d1927151faf8db3b33afd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5109b60ee4fcb2f2bb24f589575e10cc5283ad4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2abc379071881798d20e2ac1d332ad855ae22f3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR83-XF6F-C3J7

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:16Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.",
  "id": "GHSA-hr83-xf6f-c3j7",
  "modified": "2026-06-09T18:30:46Z",
  "published": "2026-06-09T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44805"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44805"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR8J-X4GJ-PQF8

Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dm: fix use-after-free in dm_cleanup_zoned_dev()

dm_cleanup_zoned_dev() uses queue, so it must be called before blk_cleanup_disk() starts its killing:

blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()-> ->...RCU...->blk_free_queue_rcu()->kmem_cache_free()

Otherwise, RCU callback may be executed first and dm_cleanup_zoned_dev() will touch free'd memory:

BUG: KASAN: use-after-free in dm_cleanup_zoned_dev+0x33/0xd0 Read of size 8 at addr ffff88805ac6e430 by task dmsetup/681

CPU: 4 PID: 681 Comm: dmsetup Not tainted 5.17.0-rc2+ #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: dump_stack_lvl+0x57/0x7d print_address_description.constprop.0+0x1f/0x150 ? dm_cleanup_zoned_dev+0x33/0xd0 kasan_report.cold+0x7f/0x11b ? dm_cleanup_zoned_dev+0x33/0xd0 dm_cleanup_zoned_dev+0x33/0xd0 __dm_destroy+0x26a/0x400 ? dm_blk_ioctl+0x230/0x230 ? up_write+0xd8/0x270 dev_remove+0x156/0x1d0 ctl_ioctl+0x269/0x530 ? table_clear+0x140/0x140 ? lock_release+0xb2/0x750 ? remove_all+0x40/0x40 ? rcu_read_lock_sched_held+0x12/0x70 ? lock_downgrade+0x3c0/0x3c0 ? rcu_read_lock_sched_held+0x12/0x70 dm_ctl_ioctl+0xa/0x10 __x64_sys_ioctl+0xb9/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fb6dfa95c27

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:03Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix use-after-free in dm_cleanup_zoned_dev()\n\ndm_cleanup_zoned_dev() uses queue, so it must be called\nbefore blk_cleanup_disk() starts its killing:\n\nblk_cleanup_disk-\u003eblk_cleanup_queue()-\u003ekobject_put()-\u003eblk_release_queue()-\u003e\n-\u003e...RCU...-\u003eblk_free_queue_rcu()-\u003ekmem_cache_free()\n\nOtherwise, RCU callback may be executed first and\ndm_cleanup_zoned_dev() will touch free\u0027d memory:\n\n BUG: KASAN: use-after-free in dm_cleanup_zoned_dev+0x33/0xd0\n Read of size 8 at addr ffff88805ac6e430 by task dmsetup/681\n\n CPU: 4 PID: 681 Comm: dmsetup Not tainted 5.17.0-rc2+ #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x57/0x7d\n  print_address_description.constprop.0+0x1f/0x150\n  ? dm_cleanup_zoned_dev+0x33/0xd0\n  kasan_report.cold+0x7f/0x11b\n  ? dm_cleanup_zoned_dev+0x33/0xd0\n  dm_cleanup_zoned_dev+0x33/0xd0\n  __dm_destroy+0x26a/0x400\n  ? dm_blk_ioctl+0x230/0x230\n  ? up_write+0xd8/0x270\n  dev_remove+0x156/0x1d0\n  ctl_ioctl+0x269/0x530\n  ? table_clear+0x140/0x140\n  ? lock_release+0xb2/0x750\n  ? remove_all+0x40/0x40\n  ? rcu_read_lock_sched_held+0x12/0x70\n  ? lock_downgrade+0x3c0/0x3c0\n  ? rcu_read_lock_sched_held+0x12/0x70\n  dm_ctl_ioctl+0xa/0x10\n  __x64_sys_ioctl+0xb9/0xf0\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fb6dfa95c27",
  "id": "GHSA-hr8j-x4gj-pqf8",
  "modified": "2025-02-27T21:32:13Z",
  "published": "2025-02-27T21:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49270"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0987f00a76a17aa7213da492c00ed9e5a6210c73"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43a043aed964659bc69ef81f266912b73c80d837"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/588b7f5df0cb64f281290c7672470c006abe7160"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdfe414ca28ddfd562c233fb27385cf820de03e8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR8V-C379-CG85

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29
VLAI
Details

Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-hr8v-c379-cg85",
  "modified": "2022-05-24T17:29:07Z",
  "published": "2022-05-24T17:29:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6550"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1106682"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-30"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4824"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159609/Chrome-WebIDBGetDBNamesCallbacksImpl-SuccessNamesAndVersionsList-Use-After-Free.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HR94-MXG6-WW3H

Vulnerability from github – Published: 2026-02-02 18:31 – Updated: 2026-02-02 18:31
VLAI
Details

Memory Corruption when multiple threads simultaneously access a memory free API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T16:16:18Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption when multiple threads simultaneously access a memory free API.",
  "id": "GHSA-hr94-mxg6-ww3h",
  "modified": "2026-02-02T18:31:32Z",
  "published": "2026-02-02T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47359"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HR9X-5R9R-VCH4

Vulnerability from github – Published: 2022-05-14 03:48 – Updated: 2022-05-14 03:48
VLAI
Details

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-10T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition.",
  "id": "GHSA-hr9x-5r9r-vch4",
  "modified": "2022-05-14T03:48:09Z",
  "published": "2022-05-14T03:48:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15849"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-01-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102413"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040106"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HRF4-V83H-4M9H

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-05T22:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a \"read-after-free\" issue.",
  "id": "GHSA-hrf4-v83h-4m9h",
  "modified": "2022-05-13T01:27:23Z",
  "published": "2022-05-13T01:27:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3077"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74637"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15343"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=120189"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48732"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48749"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201204-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52913"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026892"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.