CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,387 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 54 of 148
- CVE-2022-1212CRITICALCVSS 9.8EG 9.82022-04-05
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
- CVE-2022-1280MEDIUMCVSS 6.3EG 6.32022-04-13
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel informatio…
- CVE-2022-1284MEDIUMCVSS 5.5EG 5.52022-04-08
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
- CVE-2022-1305HIGHCVSS 8.8EG 8.82022-07-25
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1308HIGHCVSS 8.8EG 8.82022-07-25
Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1310HIGHCVSS 8.8EG 8.82022-07-25
Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1311HIGHCVSS 8.8EG 8.82022-07-25
Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1312CRITICALCVSS 9.6EG 9.62022-07-25
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
- CVE-2022-1313HIGHCVSS 8.8EG 8.82022-07-25
Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1419HIGHCVSS 7.8EG 7.82022-06-02
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_g…
- CVE-2022-1444MEDIUMCVSS 5.5EG 5.52022-04-23
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
- CVE-2022-1477HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1478HIGHCVSS 8.8EG 8.82022-07-26
Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1479HIGHCVSS 8.8EG 8.82022-07-26
Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1481HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1485HIGHCVSS 7.5EG 7.52022-07-26
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1487HIGHCVSS 7.5EG 7.52022-07-26
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
- CVE-2022-1490HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1491HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
- CVE-2022-1493HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
- CVE-2022-1496HIGHCVSS 8.8EG 8.82022-07-26
Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
- CVE-2022-1516MEDIUMCVSS 5.5EG 5.52022-05-05
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. T…
- CVE-2022-1616HIGHCVSS 7.8EG 7.82022-05-07
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
- CVE-2022-1633HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
- CVE-2022-1634HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.
- CVE-2022-1635HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
- CVE-2022-1636HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1639HIGHCVSS 8.8EG 8.82022-07-26
Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1640HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1641HIGHCVSS 8.8EG 8.82022-07-26
Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interac…
- CVE-2022-1652HIGHCVSS 7.8EG 7.82022-06-02
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerabi…
- CVE-2022-1679HIGHCVSS 7.8EG 7.82022-05-16
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially…
- CVE-2022-1734HIGHCVSS 7.0EG 7.02022-05-18
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
- CVE-2022-1786HIGHCVSS 7.8EG 7.82022-06-02
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or esc…
- CVE-2022-1795CRITICALCVSS 9.8EG 9.82022-05-18
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
- CVE-2022-1796HIGHCVSS 7.8EG 7.82022-05-19
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
- CVE-2022-1853CRITICALCVSS 9.6EG 9.62022-07-27
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2022-1854HIGHCVSS 8.8EG 8.82022-07-27
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1855HIGHCVSS 8.8EG 8.82022-07-27
Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1856HIGHCVSS 8.8EG 8.82022-07-27
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user inter…
- CVE-2022-1859HIGHCVSS 8.8EG 8.82022-07-27
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1860HIGHCVSS 8.8EG 8.82022-07-27
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactio…
- CVE-2022-1861HIGHCVSS 8.8EG 8.82022-07-27
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.
- CVE-2022-1863HIGHCVSS 8.8EG 8.82022-07-27
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interact…
- CVE-2022-1864HIGHCVSS 8.8EG 8.82022-07-27
Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user int…
- CVE-2022-1865HIGHCVSS 8.8EG 8.82022-07-27
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interacti…
- CVE-2022-1866HIGHCVSS 8.8EG 8.82022-07-27
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
- CVE-2022-1870HIGHCVSS 8.8EG 8.82022-07-27
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
- CVE-2022-1882HIGHCVSS 7.8EG 7.82022-05-26
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or…
- CVE-2022-1898HIGHCVSS 7.8EG 7.82022-05-27
Use After Free in GitHub repository vim/vim prior to 8.2.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →