CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-HWJ4-78R5-RWH6
Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-27276"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T19:17:19Z",
"severity": "HIGH"
},
"details": "Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-hwj4-78r5-rwh6",
"modified": "2026-03-10T21:32:16Z",
"published": "2026-03-10T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27276"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWJ8-33PV-37R3
Vulnerability from github – Published: 2022-06-21 00:00 – Updated: 2022-06-29 00:00There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0
{
"affected": [],
"aliases": [
"CVE-2021-41682"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-20T14:15:00Z",
"severity": "HIGH"
},
"details": "There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0",
"id": "GHSA-hwj8-33pv-37r3",
"modified": "2022-06-29T00:00:26Z",
"published": "2022-06-21T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41682"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/4747"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWMH-8F75-6428
Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-11 15:30In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-23697"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T21:15:12Z",
"severity": "MODERATE"
},
"details": "In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-hwmh-8f75-6428",
"modified": "2024-07-11T15:30:45Z",
"published": "2024-07-09T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23697"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HWPC-V7RX-8PCJ
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50466"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:51Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-hwpc-v7rx-8pcj",
"modified": "2026-07-14T18:32:25Z",
"published": "2026-07-14T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50466"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWRM-P2XQ-Q6HH
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
{
"affected": [],
"aliases": [
"CVE-2019-17582"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-09T19:15:00Z",
"severity": "CRITICAL"
},
"details": "A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states \"This use-after-free is triggered prior to the double free reported in CVE-2017-12858.\"",
"id": "GHSA-hwrm-p2xq-q6hh",
"modified": "2022-05-24T17:41:23Z",
"published": "2022-05-24T17:41:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17582"
},
{
"type": "WEB",
"url": "https://github.com/nih-at/libzip/issues/5"
},
{
"type": "WEB",
"url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"
},
{
"type": "WEB",
"url": "https://libzip.org/libzip-discuss"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HWV5-XG68-86FH
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
{
"affected": [],
"aliases": [
"CVE-2018-10879"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-26T18:29:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.",
"id": "GHSA-hwv5-xg68-86fh",
"modified": "2022-05-13T01:34:55Z",
"published": "2022-05-13T01:34:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10879"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-5"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-4"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3871-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3753-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3753-1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596806"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200001"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2018-10879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"type": "WEB",
"url": "http://patchwork.ozlabs.org/patch/928666"
},
{
"type": "WEB",
"url": "http://patchwork.ozlabs.org/patch/928667"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104902"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWWF-M48R-HF96
Vulnerability from github – Published: 2023-09-27 15:30 – Updated: 2025-11-04 21:30A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2023-41071"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-27T15:19:26Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-hwwf-m48r-hf96",
"modified": "2025-11-04T21:30:42Z",
"published": "2023-09-27T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41071"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213931"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213936"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213937"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213938"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213931"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213936"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213937"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213938"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/5"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/8"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWWJ-XRC2-6HXG
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:38A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
{
"affected": [],
"aliases": [
"CVE-2023-2235"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-01T13:15:44Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event\u0027s siblings\u0027 attach_state before calling add_event_to_groups(), but\u00a0remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n",
"id": "GHSA-hwwj-xrc2-6hxg",
"modified": "2024-04-04T05:38:32Z",
"published": "2023-07-06T19:24:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2235"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2"
},
{
"type": "WEB",
"url": "https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HX3W-3HFQ-WX6V
Vulnerability from github – Published: 2023-05-10 18:30 – Updated: 2024-04-04 04:01Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
{
"affected": [],
"aliases": [
"CVE-2023-31566"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T16:15:12Z",
"severity": "HIGH"
},
"details": "Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().",
"id": "GHSA-hx3w-3hfq-wx6v",
"modified": "2024-04-04T04:01:19Z",
"published": "2023-05-10T18:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31566"
},
{
"type": "WEB",
"url": "https://github.com/podofo/podofo/issues/70"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HX4J-3826-JWRV
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 21:30In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A
{
"affected": [],
"aliases": [
"CVE-2023-21043"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "MODERATE"
},
"details": "In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A",
"id": "GHSA-hx4j-3826-jwrv",
"modified": "2023-03-29T21:30:23Z",
"published": "2023-03-24T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21043"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.