CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 72 of 148
- CVE-2023-21146MEDIUMCVSS 6.7EG 6.72023-06-28
there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android …
- CVE-2023-21147HIGHCVSS 7.8EG 7.82023-06-28
In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for …
- CVE-2023-21165HIGHCVSS 7.8EG 8.42024-02-16
In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interacti…
- CVE-2023-21255HIGHCVSS 7.8EG 7.82023-07-13
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat…
- CVE-2023-2135HIGHCVSS 7.5EG 7.52023-04-19
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity…
- CVE-2023-21355HIGHCVSS 7.8EG 7.82023-10-30
In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21361HIGHCVSS 8.8EG 8.82023-10-30
In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction i…
- CVE-2023-21381HIGHCVSS 7.8EG 7.82023-10-30
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi…
- CVE-2023-21392HIGHCVSS 8.8EG 8.82023-10-30
In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not…
- CVE-2023-21395MEDIUMCVSS 6.5EG 6.52023-10-30
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21459MEDIUMCVSS 5.0EG 9.82023-03-16
Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
- CVE-2023-21532HIGHCVSS 7.0EG 7.02023-01-10
Windows GDI Elevation of Privilege Vulnerability
- CVE-2023-21551HIGHCVSS 7.8EG 7.82023-01-10
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
- CVE-2023-21552HIGHCVSS 7.8EG 7.82023-01-10
Windows GDI Elevation of Privilege Vulnerability
- CVE-2023-21584MEDIUMCVSS 5.5EG 5.52023-02-17
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. …
- CVE-2023-21598MEDIUMCVSS 5.5EG 5.52023-01-13
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR…
- CVE-2023-21601MEDIUMCVSS 5.5EG 5.52023-01-18
Adobe Dimension version 3.4.6 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of…
- CVE-2023-21608HIGHCVSS 7.8EG 9.0⚠ KEV2023-01-18
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current …
- CVE-2023-2162MEDIUMCVSS 5.5EG 5.52023-04-19
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-21672HIGHCVSS 8.4EG 8.42023-07-04
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
- CVE-2023-21674HIGHCVSS 8.8EG 9.0⚠ KEV2023-01-10
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- CVE-2023-21679HIGHCVSS 8.1EG 8.12023-01-10
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
- CVE-2023-21680HIGHCVSS 7.8EG 7.82023-01-10
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2023-21688HIGHCVSS 7.8EG 7.82023-02-14
NT OS Kernel Elevation of Privilege Vulnerability
- CVE-2023-21724HIGHCVSS 7.8EG 7.82023-01-10
Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2023-21734HIGHCVSS 7.8EG 7.82023-01-10
Microsoft Office Remote Code Execution Vulnerability
- CVE-2023-21735HIGHCVSS 7.8EG 7.82023-01-10
Microsoft Office Remote Code Execution Vulnerability
- CVE-2023-21747HIGHCVSS 7.8EG 7.82023-01-10
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-21755HIGHCVSS 7.8EG 7.82023-01-10
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-21756HIGHCVSS 7.8EG 7.82023-07-11
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2023-21773HIGHCVSS 7.8EG 7.82023-01-10
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-21774HIGHCVSS 7.8EG 7.82023-01-10
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-21784HIGHCVSS 7.8EG 7.82023-01-10
3D Builder Remote Code Execution Vulnerability
- CVE-2023-21795HIGHCVSS 8.3EG 8.32023-01-24
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2023-21808HIGHCVSS 7.8EG 7.82023-02-14
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2023-21822HIGHCVSS 7.8EG 7.82023-02-14
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2023-2203HIGHCVSS 8.8EG 8.82023-05-17
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of servi…
- CVE-2023-22235HIGHCVSS 7.8EG 7.82023-04-12
InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2023-22244HIGHCVSS 7.8EG 7.82023-02-17
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi…
- CVE-2023-22246HIGHCVSS 7.8EG 7.82023-02-17
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user …
- CVE-2023-22277HIGHCVSS 7.8EG 7.82023-08-03
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-…
- CVE-2023-22314HIGHCVSS 7.8EG 7.82023-08-03
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-…
- CVE-2023-22317HIGHCVSS 7.8EG 7.82023-08-03
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-…
- CVE-2023-2235HIGHCVSS 7.8EG 7.82023-05-01
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_…
- CVE-2023-2236HIGHCVSS 7.8EG 7.82023-05-01
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underf…
- CVE-2023-22360HIGHCVSS 7.8EG 7.82023-02-13
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted pr…
- CVE-2023-22383MEDIUMCVSS 6.7EG 6.72023-12-05
Memory Corruption in camera while installing a fd for a particular DMA buffer.
- CVE-2023-22402MEDIUMCVSS 5.9EG 5.92023-01-13
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart migh…
- CVE-2023-22424HIGHCVSS 7.8EG 7.82023-03-06
Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the proces…
- CVE-2023-22436HIGHCVSS 7.8EG 7.82023-03-10
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →