Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

GHSA-WPMH-X6RM-9P34

Vulnerability from github – Published: 2022-08-29 20:06 – Updated: 2025-11-04 00:30
VLAI
Details

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-29T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
  "id": "GHSA-wpmh-x6rm-9p34",
  "modified": "2025-11-04T00:30:32Z",
  "published": "2022-08-29T20:06:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:7633"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:8070"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0934"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
    },
    {
      "type": "WEB",
      "url": "https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39"
    },
    {
      "type": "WEB",
      "url": "https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPPP-F8CC-X9HX

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-31T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document\u0027s elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212.",
  "id": "GHSA-wppp-f8cc-x9hx",
  "modified": "2022-05-13T01:34:35Z",
  "published": "2022-05-13T01:34:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14296"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-756"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPVC-JGP6-VG6F

Vulnerability from github – Published: 2024-08-06 18:30 – Updated: 2024-08-06 21:30
VLAI
Details

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-06T16:15:49Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-wpvc-jgp6-vg6f",
  "modified": "2024-08-06T21:30:47Z",
  "published": "2024-08-06T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6988"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/349198731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPX2-5M46-33QP

Vulnerability from github – Published: 2025-09-23 06:30 – Updated: 2025-12-12 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: fix potential OF node use-after-free

The for_each_child_of_node() helper drops the reference it takes to each node as it iterates over children and an explicit of_node_put() is only needed when exiting the loop early.

Drop the recently introduced bogus additional reference count decrement at each iteration that could potentially lead to a use-after-free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-23T06:15:47Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: fix potential OF node use-after-free\n\nThe for_each_child_of_node() helper drops the reference it takes to each\nnode as it iterates over children and an explicit of_node_put() is only\nneeded when exiting the loop early.\n\nDrop the recently introduced bogus additional reference count decrement\nat each iteration that could potentially lead to a use-after-free.",
  "id": "GHSA-wpx2-5m46-33qp",
  "modified": "2025-12-12T21:31:32Z",
  "published": "2025-09-23T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39882"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4de37a48b6b58faaded9eb765047cf0d8785ea18"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b58a26cdd4795c1ce6a80e38e9348885555dacd6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4901802ed1ce859242e10af06e6a7752cba0497"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPX2-5M9Q-J3G7

Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2024-12-10 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU

If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new null bus. Destroying devices before the bus is nullified could lead to use-after-free since readers expect the devices on their reference of the bus to remain valid.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-29T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy I/O bus devices on unregister failure _after_ sync\u0027ing SRCU\n\nIf allocating a new instance of an I/O bus fails when unregistering a\ndevice, wait to destroy the device until after all readers are guaranteed\nto see the new null bus.  Destroying devices before the bus is nullified\ncould lead to use-after-free since readers expect the devices on their\nreference of the bus to remain valid.",
  "id": "GHSA-wpx2-5m9q-j3g7",
  "modified": "2024-12-10T18:31:06Z",
  "published": "2024-03-01T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47061"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03c6cccedd3913006744faa252a4da5145299343"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ee3757424be7c1cd1d0bbfa6db29a7edd82a250"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30f46c6993731efb2a690c9197c0fd9ed425da2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e899ca848636b37e9ac124bc1723862a7d7d927"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPX6-2RPM-7RX4

Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-01-21 18:31
VLAI
Details

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-13T20:26:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"",
  "id": "GHSA-wpx6-2rpm-7rx4",
  "modified": "2025-01-21T18:31:01Z",
  "published": "2022-05-13T01:15:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1236"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66418"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12478"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/71751"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44156"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100133352"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47213"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025345"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0952"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ25-M95J-8RW5

Vulnerability from github – Published: 2025-05-17 03:30 – Updated: 2025-05-19 21:30
VLAI
Details

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-17T01:15:18Z",
    "severity": "HIGH"
  },
  "details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.",
  "id": "GHSA-wq25-m95j-8rw5",
  "modified": "2025-05-19T21:30:31Z",
  "published": "2025-05-17T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1706"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ58-RXRJ-R3CV

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:15:49Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-wq58-rxrj-r3cv",
  "modified": "2025-10-14T18:30:31Z",
  "published": "2025-10-14T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55684"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55684"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ5C-W7MQ-VQJV

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:28Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-wq5c-w7mq-vqjv",
  "modified": "2026-07-14T18:32:15Z",
  "published": "2026-07-14T18:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50307"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50307"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQ5V-H429-2627

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:29Z",
    "severity": "MODERATE"
  },
  "details": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-wq5v-h429-2627",
  "modified": "2026-07-14T18:32:15Z",
  "published": "2026-07-14T18:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50312"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50312"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.