CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,237 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 34 of 145
- CVE-2020-6422HIGHCVSS 8.8EG 8.82020-03-23
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6423HIGHCVSS 8.8EG 8.82020-04-13
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6424HIGHCVSS 8.8EG 8.82020-03-23
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6427HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6428HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6429HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6434HIGHCVSS 8.8EG 8.82020-04-13
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6436HIGHCVSS 8.8EG 8.82020-04-13
Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6448HIGHCVSS 8.8EG 8.82020-04-13
Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6449HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6450HIGHCVSS 8.8EG 8.82020-04-13
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6451HIGHCVSS 8.8EG 8.82020-04-13
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6454HIGHCVSS 8.8EG 8.82020-04-13
Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
- CVE-2020-6457CRITICALCVSS 9.6EG 9.62020-05-21
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6459HIGHCVSS 8.8EG 8.82020-05-21
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6461CRITICALCVSS 9.6EG 9.62020-05-21
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6462CRITICALCVSS 9.6EG 9.62020-05-21
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6463HIGHCVSS 8.8EG 8.82020-05-21
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6465CRITICALCVSS 9.6EG 9.62020-05-21
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6466CRITICALCVSS 9.6EG 9.62020-05-21
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6467HIGHCVSS 8.8EG 8.82020-05-21
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6474HIGHCVSS 8.8EG 8.82020-05-21
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6492CRITICALCVSS 9.6EG 9.62021-11-02
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6493CRITICALCVSS 9.6EG 9.62020-06-03
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6496HIGHCVSS 8.8EG 8.82020-06-03
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6505CRITICALCVSS 9.6EG 9.62020-07-22
Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6509CRITICALCVSS 9.6EG 9.62020-07-22
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
- CVE-2020-6515HIGHCVSS 8.8EG 8.82020-07-22
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6518HIGHCVSS 8.8EG 8.82020-07-22
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6532HIGHCVSS 8.8EG 8.82020-09-21
Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6539HIGHCVSS 8.8EG 8.82020-09-21
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6541HIGHCVSS 8.8EG 8.82020-09-21
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6542HIGHCVSS 8.8EG 8.82020-09-21
Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6543HIGHCVSS 8.8EG 8.82020-09-21
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6544HIGHCVSS 8.8EG 8.82020-09-21
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6545HIGHCVSS 8.8EG 8.82020-09-21
Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6549HIGHCVSS 8.8EG 8.82020-09-21
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6550HIGHCVSS 8.8EG 8.82020-09-21
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6551HIGHCVSS 8.8EG 8.82020-09-21
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6552HIGHCVSS 8.8EG 8.82020-09-21
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6553HIGHCVSS 8.8EG 8.82020-09-21
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6554HIGHCVSS 8.6EG 8.62020-09-21
Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
- CVE-2020-6559HIGHCVSS 8.8EG 8.82020-09-21
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6572HIGHCVSS 8.8EG 9.0⚠ KEV2021-01-14
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
- CVE-2020-6573CRITICALCVSS 9.6EG 9.62020-09-21
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-6576HIGHCVSS 8.8EG 8.82020-09-21
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6805HIGHCVSS 8.8EG 8.82020-03-25
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68…
- CVE-2020-6807HIGHCVSS 8.8EG 8.82020-03-25
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability…
- CVE-2020-6819HIGHCVSS 8.1EG 9.0⚠ KEV2020-04-24
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.…
- CVE-2020-6838CRITICALCVSS 9.8EG 9.82020-01-11
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →