CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-MJ5M-VQCR-C4PF
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6553"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-21T20:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-mj5m-vqcr-c4pf",
"modified": "2022-05-24T17:29:08Z",
"published": "2022-05-24T17:29:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6553"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1111307"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJ5W-QVHH-J4J5
Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.
{
"affected": [],
"aliases": [
"CVE-2016-6949"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-13T19:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",
"id": "GHSA-mj5w-qvhh-j4j5",
"modified": "2022-05-17T02:21:31Z",
"published": "2022-05-17T02:21:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6949"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"type": "WEB",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1230"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036986"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ62-QHVM-653V
Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-02-27 00:00This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15376.
{
"affected": [],
"aliases": [
"CVE-2021-46582"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-18T20:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15376.",
"id": "GHSA-mj62-qhvm-653v",
"modified": "2022-02-27T00:00:23Z",
"published": "2022-02-19T00:01:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46582"
},
{
"type": "WEB",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-169"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJ64-2668-M2RV
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.
{
"affected": [],
"aliases": [
"CVE-2022-38476"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "HIGH"
},
"details": "A data race could occur in the \u003ccode\u003ePK11_ChangePW\u003c/code\u003e function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR \u003c 102.2 and Thunderbird \u003c 102.2.",
"id": "GHSA-mj64-2668-m2rv",
"modified": "2025-04-15T18:31:34Z",
"published": "2022-12-22T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38476"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1760998"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-34"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ7M-2XG5-Q6G9
Vulnerability from github – Published: 2022-04-09 00:00 – Updated: 2022-04-15 00:00jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
{
"affected": [],
"aliases": [
"CVE-2022-28796"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-08T05:15:00Z",
"severity": "HIGH"
},
"details": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.",
"id": "GHSA-mj7m-2xg5-q6g9",
"modified": "2022-04-15T00:00:58Z",
"published": "2022-04-09T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28796"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220506-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ8C-J6W6-JGXM
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-12-23 21:30In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7925e: fix use-after-free in free_irq()
From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore.
{
"affected": [],
"aliases": [
"CVE-2024-27049"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:50Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925e: fix use-after-free in free_irq()\n\nFrom commit a304e1b82808 (\"[PATCH] Debug shared irqs\"), there is a test\nto make sure the shared irq handler should be able to handle the unexpected\nevent after deregistration. For this case, let\u0027s apply MT76_REMOVED flag to\nindicate the device was removed and do not run into the resource access\nanymore.",
"id": "GHSA-mj8c-j6w6-jgxm",
"modified": "2024-12-23T21:30:50Z",
"published": "2024-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27049"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d9930096e1f13cf6d9aabfbf95d0e05fb04144f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84470b48af03a818039d587478b415cbcb264ff5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5a5f4413d91f395cb2d89829d376d7393ad48b9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJC7-82X6-3544
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2024-10-17 21:31A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
{
"affected": [],
"aliases": [
"CVE-2021-20204"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-06T15:15:00Z",
"severity": "CRITICAL"
},
"details": "A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.",
"id": "GHSA-mjc7-82x6-3544",
"modified": "2024-10-17T21:31:29Z",
"published": "2022-05-24T19:01:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20204"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956348"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43JTGEMYMCTHD3LHFD7ENBNSWCNBCYEY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GB7T7DW7XRPJOUE25ZE7GF244FPCHBWY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OE23HBLIVKVPOQ5MVADWPOCFMREVF4QZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43JTGEMYMCTHD3LHFD7ENBNSWCNBCYEY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GB7T7DW7XRPJOUE25ZE7GF244FPCHBWY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OE23HBLIVKVPOQ5MVADWPOCFMREVF4QZ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJCM-HF7X-HM3W
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-03 15:31In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix potential UAF after skb_unshare() failure
If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'd out. This will likely cause the call to trace_rxrpc_rx_done() to oops.
Fix this by moving the unsharing down to where rxrpc_input_call_event() calls rxrpc_input_call_packet(). There are a number of places prior to that where we ignore DATA packets for a variety of reasons (such as the call already being complete) for which an unshare is then avoided.
And with that, rxrpc_input_packet() doesn't need to take a pointer to the pointer to the packet, so change that to just a pointer.
{
"affected": [],
"aliases": [
"CVE-2026-45998"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-825"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:17Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix potential UAF after skb_unshare() failure\n\nIf skb_unshare() fails to unshare a packet due to allocation failure in\nrxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread())\nwill be NULL\u0027d out. This will likely cause the call to\ntrace_rxrpc_rx_done() to oops.\n\nFix this by moving the unsharing down to where rxrpc_input_call_event()\ncalls rxrpc_input_call_packet(). There are a number of places prior to\nthat where we ignore DATA packets for a variety of reasons (such as the\ncall already being complete) for which an unshare is then avoided.\n\nAnd with that, rxrpc_input_packet() doesn\u0027t need to take a pointer to the\npointer to the packet, so change that to just a pointer.",
"id": "GHSA-mjcm-hf7x-hm3w",
"modified": "2026-07-03T15:31:53Z",
"published": "2026-05-27T15:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45998"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34911"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-45998"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482024"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f2740150f904bfa60e4bad74d65add3ccb5e7f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8fde6296c4d4da2be7ab761305ab7f232b94eefd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/996b0487b3cdda4c91811dbb1c9564626bc840bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf20f46d94f1db38e6ffc0ca204a5fe0de01b495"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3bf143b1e98fb3d6d9e6825bcd683974d478e8c"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45998.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJFQ-XMF5-HV6P
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2018-10685"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-02T22:29:00Z",
"severity": "CRITICAL"
},
"details": "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",
"id": "GHSA-mjfq-xmf5-hv6p",
"modified": "2022-05-13T01:07:37Z",
"published": "2022-05-13T01:07:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10685"
},
{
"type": "WEB",
"url": "https://github.com/ckolivas/lrzip/issues/95"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJFR-374M-86MH
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2020-21688"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T21:15:00Z",
"severity": "HIGH"
},
"details": "A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.",
"id": "GHSA-mjfr-374m-86mh",
"modified": "2022-05-24T19:10:29Z",
"published": "2022-05-24T19:10:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21688"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/8186"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4998"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.