CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-J879-HG9W-V5QV
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
{
"affected": [],
"aliases": [
"CVE-2020-9273"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-20T16:15:00Z",
"severity": "HIGH"
},
"details": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"id": "GHSA-j879-hg9w-v5qv",
"modified": "2022-05-24T17:09:25Z",
"published": "2022-05-24T17:09:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9273"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J88H-8HG6-4P3W
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-13845"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:16:59Z",
"severity": "HIGH"
},
"details": "Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-j88h-8hg6-4p3w",
"modified": "2026-07-01T15:35:01Z",
"published": "2026-07-01T00:34:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13845"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/516936863"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J89Q-H74W-5C2Q
Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-14 21:30Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-8522"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-14T20:17:12Z",
"severity": "HIGH"
},
"details": "Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-j89q-h74w-5c2q",
"modified": "2026-05-14T21:30:44Z",
"published": "2026-05-14T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8522"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/504185107"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8C4-54PW-H2VW
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.
{
"affected": [],
"aliases": [
"CVE-2020-7463"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-26T21:15:00Z",
"severity": "MODERATE"
},
"details": "In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.",
"id": "GHSA-j8c4-54pw-h2vw",
"modified": "2022-05-24T17:45:31Z",
"published": "2022-05-24T17:45:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7463"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212317"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212318"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212319"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212321"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212323"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212324"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212325"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Apr/49"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Apr/57"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Apr/58"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Apr/59"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8C5-G64V-XJ97
Vulnerability from github – Published: 2023-09-06 15:30 – Updated: 2025-02-13 18:31A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
{
"affected": [],
"aliases": [
"CVE-2023-4623"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-06T14:15:12Z",
"severity": "HIGH"
},
"details": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
"id": "GHSA-j8c5-g64v-xj97",
"modified": "2025-02-13T18:31:51Z",
"published": "2023-09-06T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4623"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"type": "WEB",
"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8CJ-HW74-64JV
Vulnerability from github – Published: 2026-02-28 02:48 – Updated: 2026-02-28 02:48Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free.
Additionally, function Hive::from_handle was not marked as unsafe, making it, in combination with as_handle easy to clone and trigger double-free in safe code or triggering UB when using invalid pointer.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "hivex"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2.0"
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-28T02:48:45Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "`Drop` implementation for `Hive` did perform free, but so did `Hive::close`, which, at the end of the scope performed `Drop`, therefore triggering double-free.\n\nAdditionally, function `Hive::from_handle` was not marked as unsafe, making it, in combination with `as_handle` easy to clone and trigger double-free in safe code or triggering UB when using invalid pointer.",
"id": "GHSA-j8cj-hw74-64jv",
"modified": "2026-02-28T02:48:45Z",
"published": "2026-02-28T02:48:45Z",
"references": [
{
"type": "WEB",
"url": "https://codeberg.org/1millibyte/toolsnt/commit/f4c7a0d1fc4a08ce40bb76e447a69a6f383a916e"
},
{
"type": "WEB",
"url": "https://codeberg.org/1millibyte/toolsnt/issues/18"
},
{
"type": "WEB",
"url": "https://docs.rs/crate/hivex"
},
{
"type": "WEB",
"url": "https://docs.rs/crate/hivex/0.2.1/source"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0029.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Hive has Double-free and Use After Free Vulnerabilities"
}
GHSA-J8F5-GJ52-GH4C
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-55331"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:15:46Z",
"severity": "HIGH"
},
"details": "Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-j8f5-gj52-gh4c",
"modified": "2025-10-14T18:30:30Z",
"published": "2025-10-14T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55331"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55331"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8F6-F8VV-9F5C
Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
{
"affected": [],
"aliases": [
"CVE-2022-2481"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-28T02:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.",
"id": "GHSA-j8f6-f8vv-9f5c",
"modified": "2022-08-05T00:00:26Z",
"published": "2022-07-29T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2481"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1341603"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8F6-Q345-C99F
Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-08-12 21:31If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
{
"affected": [],
"aliases": [
"CVE-2024-2612"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-19T12:15:09Z",
"severity": "HIGH"
},
"details": "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
"id": "GHSA-j8f6-q345-c99f",
"modified": "2024-08-12T21:31:31Z",
"published": "2024-03-19T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2612"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879444"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-12"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8FR-GHG4-6WPR
Vulnerability from github – Published: 2026-06-18 15:32 – Updated: 2026-07-02 21:32In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).
{
"affected": [],
"aliases": [
"CVE-2026-9158"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-18T14:17:36Z",
"severity": "MODERATE"
},
"details": "In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).",
"id": "GHSA-j8fr-ghg4-6wpr",
"modified": "2026-07-02T21:32:04Z",
"published": "2026-06-18T15:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9158"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/work_items/109"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:L/U:Green",
"type": "CVSS_V4"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.