Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-J879-HG9W-V5QV

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09
VLAI
Details

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-20T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
  "id": "GHSA-j879-hg9w-v5qv",
  "modified": "2022-05-24T17:09:25Z",
  "published": "2022-05-24T17:09:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9273"
    },
    {
      "type": "WEB",
      "url": "https://github.com/proftpd/proftpd/issues/903"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-35"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4635"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-J88H-8HG6-4P3W

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:16:59Z",
    "severity": "HIGH"
  },
  "details": "Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-j88h-8hg6-4p3w",
  "modified": "2026-07-01T15:35:01Z",
  "published": "2026-07-01T00:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13845"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/516936863"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J89Q-H74W-5C2Q

Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-14 21:30
VLAI
Details

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T20:17:12Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
  "id": "GHSA-j89q-h74w-5c2q",
  "modified": "2026-05-14T21:30:44Z",
  "published": "2026-05-14T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8522"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/504185107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8C4-54PW-H2VW

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-26T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.",
  "id": "GHSA-j8c4-54pw-h2vw",
  "modified": "2022-05-24T17:45:31Z",
  "published": "2022-05-24T17:45:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7463"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212317"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212318"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212319"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212321"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212323"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212324"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212325"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/49"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/50"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/57"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/58"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/59"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8C5-G64V-XJ97

Vulnerability from github – Published: 2023-09-06 15:30 – Updated: 2025-02-13 18:31
VLAI
Details

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.

If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.

We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4623"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-06T14:15:12Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
  "id": "GHSA-j8c5-g64v-xj97",
  "modified": "2025-02-13T18:31:51Z",
  "published": "2023-09-06T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4623"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8CJ-HW74-64JV

Vulnerability from github – Published: 2026-02-28 02:48 – Updated: 2026-02-28 02:48
VLAI
Summary
Hive has Double-free and Use After Free Vulnerabilities
Details

Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free.

Additionally, function Hive::from_handle was not marked as unsafe, making it, in combination with as_handle easy to clone and trigger double-free in safe code or triggering UB when using invalid pointer.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "hivex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2.0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.2.0"
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-416"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-28T02:48:45Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "`Drop` implementation for `Hive` did perform free, but so did `Hive::close`, which, at the end of the scope performed `Drop`, therefore triggering double-free.\n\nAdditionally, function `Hive::from_handle` was not marked as unsafe, making it, in combination with `as_handle` easy to clone and trigger double-free in safe code or triggering UB when using invalid pointer.",
  "id": "GHSA-j8cj-hw74-64jv",
  "modified": "2026-02-28T02:48:45Z",
  "published": "2026-02-28T02:48:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://codeberg.org/1millibyte/toolsnt/commit/f4c7a0d1fc4a08ce40bb76e447a69a6f383a916e"
    },
    {
      "type": "WEB",
      "url": "https://codeberg.org/1millibyte/toolsnt/issues/18"
    },
    {
      "type": "WEB",
      "url": "https://docs.rs/crate/hivex"
    },
    {
      "type": "WEB",
      "url": "https://docs.rs/crate/hivex/0.2.1/source"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0029.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Hive has Double-free and Use After Free Vulnerabilities"
}

GHSA-J8F5-GJ52-GH4C

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:46Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-j8f5-gj52-gh4c",
  "modified": "2025-10-14T18:30:30Z",
  "published": "2025-10-14T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55331"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8F6-F8VV-9F5C

Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00
VLAI
Details

Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-28T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.",
  "id": "GHSA-j8f6-f8vv-9f5c",
  "modified": "2022-08-05T00:00:26Z",
  "published": "2022-07-29T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2481"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1341603"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-35"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8F6-Q345-C99F

Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-08-12 21:31
VLAI
Details

If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-19T12:15:09Z",
    "severity": "HIGH"
  },
  "details": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
  "id": "GHSA-j8f6-q345-c99f",
  "modified": "2024-08-12T21:31:31Z",
  "published": "2024-03-19T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2612"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J8FR-GHG4-6WPR

Vulnerability from github – Published: 2026-06-18 15:32 – Updated: 2026-07-02 21:32
VLAI
Details

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T14:17:36Z",
    "severity": "MODERATE"
  },
  "details": "In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).",
  "id": "GHSA-j8fr-ghg4-6wpr",
  "modified": "2026-07-02T21:32:04Z",
  "published": "2026-06-18T15:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9158"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/cve-assignment/-/work_items/109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:L/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.