Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-HWJ4-78R5-RWH6

Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32
VLAI
Details

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T19:17:19Z",
    "severity": "HIGH"
  },
  "details": "Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-hwj4-78r5-rwh6",
  "modified": "2026-03-10T21:32:16Z",
  "published": "2026-03-10T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27276"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWJ8-33PV-37R3

Vulnerability from github – Published: 2022-06-21 00:00 – Updated: 2022-06-29 00:00
VLAI
Details

There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-20T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0",
  "id": "GHSA-hwj8-33pv-37r3",
  "modified": "2022-06-29T00:00:26Z",
  "published": "2022-06-21T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41682"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jerryscript-project/jerryscript/issues/4747"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWMH-8F75-6428

Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-11 15:30
VLAI
Details

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T21:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-hwmh-8f75-6428",
  "modified": "2024-07-11T15:30:45Z",
  "published": "2024-07-09T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23697"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWPC-V7RX-8PCJ

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:51Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-hwpc-v7rx-8pcj",
  "modified": "2026-07-14T18:32:25Z",
  "published": "2026-07-14T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50466"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWRM-P2XQ-Q6HH

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states \"This use-after-free is triggered prior to the double free reported in CVE-2017-12858.\"",
  "id": "GHSA-hwrm-p2xq-q6hh",
  "modified": "2022-05-24T17:41:23Z",
  "published": "2022-05-24T17:41:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17582"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nih-at/libzip/issues/5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"
    },
    {
      "type": "WEB",
      "url": "https://libzip.org/libzip-discuss"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HWV5-XG68-86FH

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10879"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-26T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.",
  "id": "GHSA-hwv5-xg68-86fh",
  "modified": "2022-05-13T01:34:55Z",
  "published": "2022-05-13T01:34:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10879"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-5"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-4"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-3"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3871-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3753-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3753-1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596806"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200001"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-10879"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3096"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3083"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "type": "WEB",
      "url": "http://patchwork.ozlabs.org/patch/928666"
    },
    {
      "type": "WEB",
      "url": "http://patchwork.ozlabs.org/patch/928667"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104902"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWWF-M48R-HF96

Vulnerability from github – Published: 2023-09-27 15:30 – Updated: 2025-11-04 21:30
VLAI
Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-27T15:19:26Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-hwwf-m48r-hf96",
  "modified": "2025-11-04T21:30:42Z",
  "published": "2023-09-27T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41071"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213931"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213936"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213937"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213938"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213931"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213936"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213937"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213938"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/10"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/5"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/8"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Oct/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWWJ-XRC2-6HXG

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:38
VLAI
Details

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.

The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.

We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-01T13:15:44Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event\u0027s siblings\u0027 attach_state before calling add_event_to_groups(), but\u00a0remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n",
  "id": "GHSA-hwwj-xrc2-6hxg",
  "modified": "2024-04-04T05:38:32Z",
  "published": "2023-07-06T19:24:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX3W-3HFQ-WX6V

Vulnerability from github – Published: 2023-05-10 18:30 – Updated: 2024-04-04 04:01
VLAI
Details

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-10T16:15:12Z",
    "severity": "HIGH"
  },
  "details": "Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().",
  "id": "GHSA-hx3w-3hfq-wx6v",
  "modified": "2024-04-04T04:01:19Z",
  "published": "2023-05-10T18:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/podofo/podofo/issues/70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX4J-3826-JWRV

Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 21:30
VLAI
Details

In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A",
  "id": "GHSA-hx4j-3826-jwrv",
  "modified": "2023-03-29T21:30:23Z",
  "published": "2023-03-24T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21043"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.