CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-PRJH-7GR6-423R
Vulnerability from github – Published: 2023-05-19 00:30 – Updated: 2024-04-04 04:14A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
{
"affected": [],
"aliases": [
"CVE-2023-30470"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T22:15:09Z",
"severity": "CRITICAL"
},
"details": "A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.",
"id": "GHSA-prjh-7gr6-423r",
"modified": "2024-04-04T04:14:53Z",
"published": "2023-05-19T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30470"
},
{
"type": "WEB",
"url": "https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2023-30470"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRJX-Q4R9-5F42
Vulnerability from github – Published: 2022-09-16 00:00 – Updated: 2022-09-20 00:00This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045.
{
"affected": [],
"aliases": [
"CVE-2022-40637"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-15T16:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045.",
"id": "GHSA-prjx-q4r9-5f42",
"modified": "2022-09-20T00:00:29Z",
"published": "2022-09-16T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40637"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRQ9-V8FH-P62P
Vulnerability from github – Published: 2026-05-20 21:31 – Updated: 2026-05-20 21:31Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-9114"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-20T20:16:42Z",
"severity": "HIGH"
},
"details": "Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)",
"id": "GHSA-prq9-v8fh-p62p",
"modified": "2026-05-20T21:31:32Z",
"published": "2026-05-20T21:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9114"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/495798630"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRRG-PVXW-Q4M2
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
HID: mcp-2221: prevent UAF in delayed work
If the device is plugged/unplugged without giving time for mcp_init_work() to complete, we might kick in the devm free code path and thus have unavailable struct mcp_2221 while in delayed work.
Canceling the delayed_work item is enough to solve the issue, because cancel_delayed_work_sync will prevent the work item to requeue itself.
{
"affected": [],
"aliases": [
"CVE-2023-53459"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:47Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: mcp-2221: prevent UAF in delayed work\n\nIf the device is plugged/unplugged without giving time for mcp_init_work()\nto complete, we might kick in the devm free code path and thus have\nunavailable struct mcp_2221 while in delayed work.\n\nCanceling the delayed_work item is enough to solve the issue, because\ncancel_delayed_work_sync will prevent the work item to requeue itself.",
"id": "GHSA-prrg-pvxw-q4m2",
"modified": "2026-01-16T21:30:29Z",
"published": "2025-10-01T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53459"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47e91fdfa511139f2549687edb0d8649b123227b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5dc297652dbc557eba7ca7d6a4c5f1940dffffb1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRXC-P2G7-M92V
Vulnerability from github – Published: 2025-03-31 21:32 – Updated: 2025-03-31 21:32In the Linux kernel, the following vulnerability has been resolved:
keys: Fix UAF in key_put()
Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allowed to do is to touch key_gc_work as that's a static global variable.
However, in an effort to speed up the reclamation of quota, this is now done in key_put() once the key's usage is reduced to 0 - but now the code is looking at the key after the deadline, which is forbidden.
Fix this by using a flag to indicate that a key can be gc'd now rather than looking at the key's refcount in the garbage collector.
{
"affected": [],
"aliases": [
"CVE-2025-21893"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-31T20:15:14Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix UAF in key_put()\n\nOnce a key\u0027s reference count has been reduced to 0, the garbage collector\nthread may destroy it at any time and so key_put() is not allowed to touch\nthe key after that point. The most key_put() is normally allowed to do is\nto touch key_gc_work as that\u0027s a static global variable.\n\nHowever, in an effort to speed up the reclamation of quota, this is now\ndone in key_put() once the key\u0027s usage is reduced to 0 - but now the code\nis looking at the key after the deadline, which is forbidden.\n\nFix this by using a flag to indicate that a key can be gc\u0027d now rather than\nlooking at the key\u0027s refcount in the garbage collector.",
"id": "GHSA-prxc-p2g7-m92v",
"modified": "2025-03-31T21:32:48Z",
"published": "2025-03-31T21:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21893"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6afe2ea2daec156bd94ad2c5a6f4f4c48240dcd3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75845c6c1a64483e9985302793dbf0dfa5f71e32"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6a3cf833188e897c97028cd7b926e3f2cb1a8c0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PV4C-F5CP-HCVH
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-15997"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-03T03:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"id": "GHSA-pv4c-f5cp-hcvh",
"modified": "2022-05-24T17:32:56Z",
"published": "2022-05-24T17:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15997"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_31.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1133668"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PV5C-VXPF-5J93
Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30Memory corruption while allocating buffers in DSP service.
{
"affected": [],
"aliases": [
"CVE-2025-47354"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T04:16:47Z",
"severity": "HIGH"
},
"details": "Memory corruption while allocating buffers in DSP service.",
"id": "GHSA-pv5c-vxpf-5j93",
"modified": "2025-10-09T06:30:25Z",
"published": "2025-10-09T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47354"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PV6W-73JG-C3FQ
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2012-4216"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-11-21T12:55:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.",
"id": "GHSA-pv6w-73jg-c3fq",
"modified": "2022-05-13T01:23:40Z",
"published": "2022-05-13T01:23:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4216"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798853"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80189"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16902"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/87609"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51359"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51360"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51369"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51370"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51381"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51434"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51439"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51440"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2583"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2584"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2588"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56634"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PV7W-XVFQ-976M
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-16459"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-19T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-pv7w-xvfq-976m",
"modified": "2022-05-24T17:04:43Z",
"published": "2022-05-24T17:04:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16459"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-55.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PV86-XGR9-75FJ
Vulnerability from github – Published: 2022-03-27 00:00 – Updated: 2022-04-01 00:00User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
{
"affected": [],
"aliases": [
"CVE-2022-1071"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-26T04:15:00Z",
"severity": "HIGH"
},
"details": "User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.",
"id": "GHSA-pv86-xgr9-75fj",
"modified": "2022-04-01T00:00:50Z",
"published": "2022-03-27T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1071"
},
{
"type": "WEB",
"url": "https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.