CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,387 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 52 of 148
- CVE-2021-47656HIGHCVSS 7.8EG 7.82025-02-26
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one x…
- CVE-2021-47668HIGHCVSS 7.8EG 7.82025-04-17
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is acces…
- CVE-2021-47669HIGHCVSS 7.8EG 7.82025-04-17
In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is a…
- CVE-2021-47670HIGHCVSS 7.8EG 7.82025-04-17
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is acc…
- CVE-2022-0096HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0098HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.
- CVE-2022-0099HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.
- CVE-2022-0103HIGHCVSS 8.8EG 8.82022-02-12
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0105HIGHCVSS 8.8EG 8.82022-02-12
Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0106HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0107HIGHCVSS 8.8EG 7.82022-02-12
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0139CRITICALCVSS 9.8EG 9.82022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
- CVE-2022-0156MEDIUMCVSS 5.5EG 5.52022-01-10
vim is vulnerable to Use After Free
- CVE-2022-0216MEDIUMCVSS 4.4EG 4.42022-08-26
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a ma…
- CVE-2022-0289HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0290CRITICALCVSS 9.6EG 9.62022-02-12
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2022-0293HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0295HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0296HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0297HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0298HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0300HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML p…
- CVE-2022-0301HIGHCVSS 7.8EG 7.82022-02-12
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0302HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0304HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0307HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0308HIGHCVSS 8.8EG 8.82022-02-12
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0413HIGHCVSS 7.8EG 7.82022-01-30
Use After Free in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0443HIGHCVSS 7.8EG 7.82022-02-02
Use After Free in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0452CRITICALCVSS 9.6EG 9.62022-04-05
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2022-0453HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0456HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.
- CVE-2022-0458HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0459HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption v…
- CVE-2022-0460HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0463HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
- CVE-2022-0464HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
- CVE-2022-0465HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
- CVE-2022-0468HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0469HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0487MEDIUMCVSS 5.5EG 5.52022-02-04
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw af…
- CVE-2022-0520HIGHCVSS 7.8EG 7.82022-02-08
Use After Free in NPM radare2.js prior to 5.6.2.
- CVE-2022-0523HIGHCVSS 7.8EG 7.82022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
- CVE-2022-0559CRITICALCVSS 9.8EG 9.82022-02-16
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
- CVE-2022-0581MEDIUMCVSS 6.3EG 7.52022-02-14
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- CVE-2022-0603HIGHCVSS 8.8EG 8.82022-04-05
Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0605HIGHCVSS 8.8EG 8.82022-04-05
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corrupt…
- CVE-2022-0606HIGHCVSS 8.8EG 8.82022-04-05
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0607HIGHCVSS 8.8EG 8.82022-04-05
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0609HIGHCVSS 8.8EG 9.0⚠ KEV2022-04-05
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →