Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-J597-89QC-9CW4

Vulnerability from github – Published: 2024-05-16 09:33 – Updated: 2024-05-16 09:33
VLAI
Details

Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-j597-89qc-9cw4",
  "modified": "2024-05-16T09:33:07Z",
  "published": "2024-05-16T09:33:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20792"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-30.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5CF-XCHC-9RF8

Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31
VLAI
Details

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-02T17:16:27Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.",
  "id": "GHSA-j5cf-xchc-9rf8",
  "modified": "2026-03-02T18:31:45Z",
  "published": "2026-03-02T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47386"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5FV-C2RQ-QX5W

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-08T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-j5fv-c2rq-qx5w",
  "modified": "2022-05-24T17:38:19Z",
  "published": "2022-05-24T17:38:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16039"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1149177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-J5G7-CH8C-PW9M

Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-02-11 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: release svc_expkey/svc_export with rcu_work

The last reference for cache_head can be reduced to zero in c_show and e_show(using rcu_read_lock and rcu_read_unlock). Consequently, svc_export_put and expkey_put will be invoked, leading to two issues:

  1. The svc_export_put will directly free ex_uuid. However, e_show/c_show will access ex_uuid after cache_put, which can trigger a use-after-free issue, shown below.

================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870

CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

  1. We cannot sleep while using rcu_read_lock/rcu_read_unlock. However, svc_export_put/expkey_put will call path_put, which subsequently triggers a sleeping operation due to the following dput.

============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted


... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1

Fix these issues by using rcu_work to help release svc_expkey/svc_export. This approach allows for an asynchronous context to invoke path_put and also facilitates the freeing of uuid/exp/key after an RCU grace period.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T14:15:29Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: release svc_expkey/svc_export with rcu_work\n\nThe last reference for `cache_head` can be reduced to zero in `c_show`\nand `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently,\n`svc_export_put` and `expkey_put` will be invoked, leading to two\nissues:\n\n1. The `svc_export_put` will directly free ex_uuid. However,\n   `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can\n   trigger a use-after-free issue, shown below.\n\n   ==================================================================\n   BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd]\n   Read of size 1 at addr ff11000010fdc120 by task cat/870\n\n   CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1\n   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n   1.16.1-2.fc37 04/01/2014\n   Call Trace:\n    \u003cTASK\u003e\n    dump_stack_lvl+0x53/0x70\n    print_address_description.constprop.0+0x2c/0x3a0\n    print_report+0xb9/0x280\n    kasan_report+0xae/0xe0\n    svc_export_show+0x362/0x430 [nfsd]\n    c_show+0x161/0x390 [sunrpc]\n    seq_read_iter+0x589/0x770\n    seq_read+0x1e5/0x270\n    proc_reg_read+0xe1/0x140\n    vfs_read+0x125/0x530\n    ksys_read+0xc1/0x160\n    do_syscall_64+0x5f/0x170\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n   Allocated by task 830:\n    kasan_save_stack+0x20/0x40\n    kasan_save_track+0x14/0x30\n    __kasan_kmalloc+0x8f/0xa0\n    __kmalloc_node_track_caller_noprof+0x1bc/0x400\n    kmemdup_noprof+0x22/0x50\n    svc_export_parse+0x8a9/0xb80 [nfsd]\n    cache_do_downcall+0x71/0xa0 [sunrpc]\n    cache_write_procfs+0x8e/0xd0 [sunrpc]\n    proc_reg_write+0xe1/0x140\n    vfs_write+0x1a5/0x6d0\n    ksys_write+0xc1/0x160\n    do_syscall_64+0x5f/0x170\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n   Freed by task 868:\n    kasan_save_stack+0x20/0x40\n    kasan_save_track+0x14/0x30\n    kasan_save_free_info+0x3b/0x60\n    __kasan_slab_free+0x37/0x50\n    kfree+0xf3/0x3e0\n    svc_export_put+0x87/0xb0 [nfsd]\n    cache_purge+0x17f/0x1f0 [sunrpc]\n    nfsd_destroy_serv+0x226/0x2d0 [nfsd]\n    nfsd_svc+0x125/0x1e0 [nfsd]\n    write_threads+0x16a/0x2a0 [nfsd]\n    nfsctl_transaction_write+0x74/0xa0 [nfsd]\n    vfs_write+0x1a5/0x6d0\n    ksys_write+0xc1/0x160\n    do_syscall_64+0x5f/0x170\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`.\n   However, `svc_export_put`/`expkey_put` will call path_put, which\n   subsequently triggers a sleeping operation due to the following\n   `dput`.\n\n   =============================\n   WARNING: suspicious RCU usage\n   5.10.0-dirty #141 Not tainted\n   -----------------------------\n   ...\n   Call Trace:\n   dump_stack+0x9a/0xd0\n   ___might_sleep+0x231/0x240\n   dput+0x39/0x600\n   path_put+0x1b/0x30\n   svc_export_put+0x17/0x80\n   e_show+0x1c9/0x200\n   seq_read_iter+0x63f/0x7c0\n   seq_read+0x226/0x2d0\n   vfs_read+0x113/0x2c0\n   ksys_read+0xc9/0x170\n   do_syscall_64+0x33/0x40\n   entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFix these issues by using `rcu_work` to help release\n`svc_expkey`/`svc_export`. This approach allows for an asynchronous\ncontext to invoke `path_put` and also facilitates the freeing of\n`uuid/exp/key` after an RCU grace period.",
  "id": "GHSA-j5g7-ch8c-pw9m",
  "modified": "2025-02-11T18:31:22Z",
  "published": "2024-12-27T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53216"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e4854599200f4d021df8ae17e69221d7c149f3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad4363a24a5746b257c0beb5d8cc68f9b62c173f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd8524148dd8c123334b066faa90590ba2ef8e6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f8c989a0c89a75d30f899a7cabdc14d72522bb8d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5JF-WF2J-J88Q

Vulnerability from github – Published: 2024-11-23 03:31 – Updated: 2024-11-23 03:31
VLAI
Details

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25173.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25173.",
  "id": "GHSA-j5jf-wf2j-j88q",
  "modified": "2024-11-23T03:31:59Z",
  "published": "2024-11-23T03:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9254"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1307"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5M6-WGMM-M7M9

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib

amdgpu_amdkfd_submit_ib() submits a GPU job and gets a fence from amdgpu_ib_schedule(). This fence is used to wait for job completion.

Currently, the code drops the fence reference using dma_fence_put() before calling dma_fence_wait().

If dma_fence_put() releases the last reference, the fence may be freed before dma_fence_wait() is called. This can lead to a use-after-free.

Fix this by waiting on the fence first and releasing the reference only after dma_fence_wait() completes.

Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c:697 amdgpu_amdkfd_submit_ib() warn: passing freed memory 'f' (line 696)

(cherry picked from commit 8b9e5259adc385b61a6590a13b82ae0ac2bd3482)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:31Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib\n\namdgpu_amdkfd_submit_ib() submits a GPU job and gets a fence\nfrom amdgpu_ib_schedule(). This fence is used to wait for job\ncompletion.\n\nCurrently, the code drops the fence reference using dma_fence_put()\nbefore calling dma_fence_wait().\n\nIf dma_fence_put() releases the last reference, the fence may be\nfreed before dma_fence_wait() is called. This can lead to a\nuse-after-free.\n\nFix this by waiting on the fence first and releasing the reference\nonly after dma_fence_wait() completes.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c:697 amdgpu_amdkfd_submit_ib() warn: passing freed memory \u0027f\u0027 (line 696)\n\n(cherry picked from commit 8b9e5259adc385b61a6590a13b82ae0ac2bd3482)",
  "id": "GHSA-j5m6-wgmm-m7m9",
  "modified": "2026-04-27T15:30:43Z",
  "published": "2026-04-24T15:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31566"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/138e42be35ff2ce6572ae744de851ea286cf3c69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39820864eacd886f1a6f817414fb8f9ea3e9a2b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42d248726a0837640452b71c5a202ca3d35239ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7150850146ebfa4ca998f653f264b8df6f7f85be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc7760c107dc08ef3e231d72c492e67b0a86848b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e23602eb0779760544314ed3905fa6a89a4e4070"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5P4-42CC-2J44

Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2026-01-24 21:30
VLAI
Details

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-17T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.",
  "id": "GHSA-j5p4-42cc-2j44",
  "modified": "2026-01-24T21:30:23Z",
  "published": "2022-10-17T19:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0699"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OSGeo/shapelib/issues/39"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00023.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5Q2-8W84-H9F9

Vulnerability from github – Published: 2023-08-10 15:30 – Updated: 2024-04-04 06:47
VLAI
Details

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-10T14:15:12Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-j5q2-8w84-h9f9",
  "modified": "2024-04-04T06:47:30Z",
  "published": "2023-08-10T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38224"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-30.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5QJ-J5JR-MGJH

Vulnerability from github – Published: 2024-04-02 18:31 – Updated: 2024-08-01 15:31
VLAI
Details

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-02T18:15:12Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.",
  "id": "GHSA-j5qj-j5jr-mgjh",
  "modified": "2024-08-01T15:31:36Z",
  "published": "2024-04-02T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30809"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/937"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-30809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5R4-2MJG-6XCC

Vulnerability from github – Published: 2023-12-18 18:30 – Updated: 2026-05-12 12:31
VLAI
Details

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.

We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-18T15:15:10Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.",
  "id": "GHSA-j5r4-2mjg-6xcc",
  "modified": "2026-05-12T12:31:34Z",
  "published": "2023-12-18T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6817"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/22/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/22/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.