CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-MVJR-3JGQ-45RJ
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38119"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:23Z",
"severity": "HIGH"
},
"details": "Windows Network Address Translation (NAT) Remote Code Execution Vulnerability",
"id": "GHSA-mvjr-3jgq-45rj",
"modified": "2024-09-10T18:30:45Z",
"published": "2024-09-10T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38119"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38119"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVMC-HWXC-57RG
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-23 00:00Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2022-22090"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T10:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",
"id": "GHSA-mvmc-hwxc-57rg",
"modified": "2022-06-23T00:00:34Z",
"published": "2022-06-15T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22090"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVPF-27QC-FJCX
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-33099"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:17:32Z",
"severity": "HIGH"
},
"details": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-mvpf-27qc-fjcx",
"modified": "2026-04-14T18:30:42Z",
"published": "2026-04-14T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33099"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33099"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVQ3-V998-W43F
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
net: gtp: Fix Use-After-Free in gtp_dellink
Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
{
"affected": [],
"aliases": [
"CVE-2024-27396"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:12:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"id": "GHSA-mvq3-v998-w43f",
"modified": "2026-05-12T12:31:46Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27396"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVWV-CXFC-W333
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
{
"affected": [],
"aliases": [
"CVE-2026-55000"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:07Z",
"severity": "MODERATE"
},
"details": "Use after free in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.",
"id": "GHSA-mvwv-cxfc-w333",
"modified": "2026-07-14T18:32:09Z",
"published": "2026-07-14T18:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55000"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVX7-HP9W-V6MV
Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-14 00:00An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
{
"affected": [],
"aliases": [
"CVE-2022-40307"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-09T05:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.",
"id": "GHSA-mvx7-hp9w-v6mv",
"modified": "2022-09-14T00:00:45Z",
"published": "2022-09-10T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40307"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVXW-7652-J4R7
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.
{
"affected": [],
"aliases": [
"CVE-2018-14306"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document\u0027s elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.",
"id": "GHSA-mvxw-7652-j4r7",
"modified": "2022-05-13T01:34:33Z",
"published": "2022-05-13T01:34:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14306"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-766"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW24-3X3M-JGJ7
Vulnerability from github – Published: 2022-05-17 02:14 – Updated: 2022-05-17 02:14Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.
{
"affected": [],
"aliases": [
"CVE-2016-6980"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-26T17:59:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.",
"id": "GHSA-mw24-3x3m-jgj7",
"modified": "2022-05-17T02:14:37Z",
"published": "2022-05-17T02:14:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6980"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93179"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036793"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW2H-9MQR-794Q
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Win32k Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26241"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:45Z",
"severity": "HIGH"
},
"details": "Win32k Elevation of Privilege Vulnerability",
"id": "GHSA-mw2h-9mqr-794q",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26241"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW2P-R6H9-WR7X
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-41831"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T15:15:28Z",
"severity": "HIGH"
},
"details": "Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mw2p-r6h9-wr7x",
"modified": "2024-08-14T15:31:18Z",
"published": "2024-08-14T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41831"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.