Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-J5R5-JMR3-48C5

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30
VLAI
Details

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.
Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.\u003cbr /\u003e*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR \u003c 102.6, Firefox \u003c 105, and Thunderbird \u003c 102.6.",
  "id": "GHSA-j5r5-jmr3-48c5",
  "modified": "2025-04-15T15:30:38Z",
  "published": "2022-12-22T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46880"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1749292"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-06"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-40"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-52"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-53"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5VH-VFG7-3V94

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer.

In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT).

In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop.

net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
  "id": "GHSA-j5vh-vfg7-3v94",
  "modified": "2026-05-12T15:30:42Z",
  "published": "2024-11-19T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53057"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05df1b1dff8f197f1c275b57ccb2ca33021df552"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e95c4384438adeaa772caa560244b1a2efef816"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/580b3189c1972aff0f993837567d36392e9d981b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/597cf9748c3477bf61bc35f0634129f56764ad24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9995909615c3431a5304c1210face5f268d24dba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ce691c814bc7a3c30c220ffb5b7422715458fd9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbe778b08b5101df9e89bc06e0a3a7ecd2f4ef20"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7f9a6f97eb067599a74f3bcb6761976b0ed303e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5VV-GJ42-CWRM

Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2025-12-11 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()

When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() will not stop it and a UAF will happen. The process is shown below:

  (thread 1)               |        (thread 2)

smp_execute_task_sg() | sas_task_internal_timedout() ... | del_timer() | ... | ... sas_free_task(task) | kfree(task->slow_task) //FREE| | task->slow_task->... //USE

Fix by calling del_timer_sync() in smp_execute_task_sg(), which makes sure the timer handler have finished before the "task->slow_task" is deallocated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:33Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libsas: Fix use-after-free bug in smp_execute_task_sg()\n\nWhen executing SMP task failed, the smp_execute_task_sg() calls del_timer()\nto delete \"slow_task-\u003etimer\". However, if the timer handler\nsas_task_internal_timedout() is running, the del_timer() in\nsmp_execute_task_sg() will not stop it and a UAF will happen. The process\nis shown below:\n\n      (thread 1)               |        (thread 2)\nsmp_execute_task_sg()          | sas_task_internal_timedout()\n ...                           |\n del_timer()                   |\n ...                           |  ...\n sas_free_task(task)           |\n  kfree(task-\u003eslow_task) //FREE|\n                               |  task-\u003eslow_task-\u003e... //USE\n\nFix by calling del_timer_sync() in smp_execute_task_sg(), which makes sure\nthe timer handler have finished before the \"task-\u003eslow_task\" is\ndeallocated.",
  "id": "GHSA-j5vv-gj42-cwrm",
  "modified": "2025-12-11T18:30:36Z",
  "published": "2025-10-01T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50422"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/117331a2a5227fb4369c2a1f321d3e3e2e2ef8fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e12ce270f0d926085c1209cc90397e307deef97"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46ba53c30666717cb06c2b3c5d896301cd00d0c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9e5176ead6de64f572ad5c87a72825d9d3c82ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e45a1516d2933703a4823d9db71e17c3abeba24f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7a785177611ffc97d645fcbc196e6de6ad2421d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J5XV-WJFV-F3GX

Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 19:01
VLAI
Details

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-j5xv-wjfv-f3gx",
  "modified": "2022-11-10T19:01:05Z",
  "published": "2022-11-10T12:01:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3450"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1369882"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J656-4P6J-H695

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Use after free in Audio in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:16:55Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Audio in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-j656-4p6j-h695",
  "modified": "2026-06-05T03:31:31Z",
  "published": "2026-06-05T00:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10933"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/501557633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J665-W9JF-C86M

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-j665-w9jf-c86m",
  "modified": "2022-05-24T19:12:16Z",
  "published": "2022-05-24T19:12:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30600"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1231134"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-J667-F3J6-GRR4

Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03
VLAI
Details

Memory corruption in Automotive Display while destroying the image handle created using connected display driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T06:15:27Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in Automotive Display while destroying the image handle created using connected display driver.",
  "id": "GHSA-j667-f3j6-grr4",
  "modified": "2024-04-04T08:03:23Z",
  "published": "2023-10-03T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33039"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J66F-JC3V-93VP

Vulnerability from github – Published: 2024-02-21 15:30 – Updated: 2024-03-15 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: tls: fix use-after-free with partial reads and async decrypt

tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: fix use-after-free with partial reads and async decrypt\n\ntls_decrypt_sg doesn\u0027t take a reference on the pages from clear_skb,\nso the put_page() in tls_decrypt_done releases them, and we trigger\na use-after-free in process_rx_list when we try to read from the\npartially-read skb.",
  "id": "GHSA-j66f-jc3v-93vp",
  "modified": "2024-03-15T15:30:42Z",
  "published": "2024-02-21T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26582"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J66M-F2PJ-CWR3

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI
Details

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-1824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-24T19:00:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.",
  "id": "GHSA-j66m-f2pj-cwr3",
  "modified": "2022-05-13T01:24:49Z",
  "published": "2022-05-13T01:24:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1824"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=43260"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7151"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=50712"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4554"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4566"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-095"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-J69R-W7X9-CQH4

Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2022-01-05 00:01
VLAI
Details

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-j69r-w7x9-cqh4",
  "modified": "2022-01-05T00:01:45Z",
  "published": "2021-12-24T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3886"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.