CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,387 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 56 of 148
- CVE-2022-2158HIGHCVSS 8.8EG 8.82022-07-28
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2161HIGHCVSS 8.8EG 8.82022-07-28
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2163HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
- CVE-2022-21745HIGHCVSS 8.8EG 8.82022-06-06
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privil…
- CVE-2022-21806CRITICALCVSS 9.8EG 9.82022-06-17
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from …
- CVE-2022-22034HIGHCVSS 7.8EG 7.82022-07-12
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-22057HIGHCVSS 8.4EG 7.82022-06-14
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdrago…
- CVE-2022-22058HIGHCVSS 8.4EG 7.82022-09-26
Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industr…
- CVE-2022-22068HIGHCVSS 8.4EG 7.82022-06-14
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag…
- CVE-2022-22071HIGHCVSS 8.4EG 9.0⚠ KEV2022-06-14
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IO…
- CVE-2022-22077HIGHCVSS 8.4EG 7.82022-10-19
Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
- CVE-2022-22090HIGHCVSS 8.4EG 7.82022-06-14
Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
- CVE-2022-22092HIGHCVSS 7.8EG 7.82022-09-16
Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
- CVE-2022-22095HIGHCVSS 8.4EG 7.82022-09-16
Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
- CVE-2022-22097HIGHCVSS 8.4EG 7.82022-09-02
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT
- CVE-2022-22207HIGHCVSS 7.5EG 7.52022-07-20
A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabr…
- CVE-2022-22208MEDIUMCVSS 5.9EG 5.92022-10-18
A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use…
- CVE-2022-22252HIGHCVSS 7.5EG 7.52022-05-13
The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.
- CVE-2022-22260CRITICALCVSS 9.1EG 9.12022-05-13
The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.
- CVE-2022-22533HIGHCVSS 7.5EG 7.52022-02-09
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resultin…
- CVE-2022-22590HIGHCVSS 8.8EG 8.82022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitra…
- CVE-2022-22614HIGHCVSS 7.8EG 7.82022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may…
- CVE-2022-22615HIGHCVSS 7.8EG 7.82022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may…
- CVE-2022-22620HIGHCVSS 8.8EG 9.0⚠ KEV2022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content …
- CVE-2022-22624HIGHCVSS 8.8EG 8.82022-09-23
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execu…
- CVE-2022-22628HIGHCVSS 8.8EG 8.82022-09-23
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitra…
- CVE-2022-22630CRITICALCVSS 9.8EG 9.82023-06-23
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary c…
- CVE-2022-22641CRITICALCVSS 9.8EG 9.82022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.
- CVE-2022-22667HIGHCVSS 7.8EG 7.82022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22669HIGHCVSS 7.8EG 7.82022-03-18
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22737HIGHCVSS 7.5EG 7.52022-12-22
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Fir…
- CVE-2022-22740HIGHCVSS 8.8EG 8.82022-12-22
Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, an…
- CVE-2022-2289HIGHCVSS 7.8EG 7.82022-07-03
Use After Free in GitHub repository vim/vim prior to 9.0.
- CVE-2022-22942HIGHCVSS 7.8EG 7.82023-12-13
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
- CVE-2022-2296HIGHCVSS 8.8EG 8.82022-07-28
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interaction…
- CVE-2022-23090HIGHCVSS 7.7EG 7.72024-02-15
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).
- CVE-2022-2318MEDIUMCVSS 5.5EG 5.52022-07-06
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
- CVE-2022-2327HIGHCVSS 7.5EG 7.82022-07-22
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect …
- CVE-2022-23308HIGHCVSS 7.5EG 7.52022-02-26
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
- CVE-2022-2345HIGHCVSS 7.8EG 7.82022-07-08
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
- CVE-2022-23459HIGHCVSS 8.1EG 9.82022-08-19
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment op…
- CVE-2022-23584HIGHCVSS 7.6EG 7.62022-02-04
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` ar…
- CVE-2022-23597HIGHCVSS 8.3EG 8.32022-02-01
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on …
- CVE-2022-23608HIGHCVSS 8.1EG 8.12022-02-22
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forkin…
- CVE-2022-2399HIGHCVSS 8.8EG 8.82022-07-28
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-24050HIGHCVSS 7.8EG 7.82022-02-18
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerabili…
- CVE-2022-24061MEDIUMCVSS 5.5EG 5.52022-02-18
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2022-24062HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag…
- CVE-2022-24070HIGHCVSS 7.5EG 7.52022-04-12
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 throug…
- CVE-2022-24101LOWCVSS 3.3EG 3.32022-05-11
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage t…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →