CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 77 of 148
- CVE-2023-35666HIGHCVSS 7.8EG 7.82023-09-11
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2023-3567HIGHCVSS 7.1EG 6.72023-07-24
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
- CVE-2023-35685HIGHCVSS 7.8EG 7.82025-01-08
In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User inte…
- CVE-2023-35687HIGHCVSS 7.8EG 7.82023-09-11
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi…
- CVE-2023-35693MEDIUMCVSS 6.7EG 6.72023-07-13
In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-35734MEDIUMCVSS 6.5EG 3.32024-05-03
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction…
- CVE-2023-35784CRITICALCVSS 9.8EG 9.82023-06-16
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
- CVE-2023-35823HIGHCVSS 7.0EG 7.02023-06-18
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
- CVE-2023-35824HIGHCVSS 7.0EG 7.02023-06-18
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
- CVE-2023-35826HIGHCVSS 7.0EG 7.02023-06-18
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
- CVE-2023-35827HIGHCVSS 7.0EG 7.02023-06-18
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
- CVE-2023-35828HIGHCVSS 7.0EG 7.02023-06-18
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
- CVE-2023-35829HIGHCVSS 7.0EG 7.02023-06-18
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
- CVE-2023-35942MEDIUMCVSS 6.5EG 6.52023-07-25
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash whe…
- CVE-2023-35943MEDIUMCVSS 6.3EG 6.32023-07-25
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and de…
- CVE-2023-35993HIGHCVSS 7.8EG 7.82023-07-27
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. A…
- CVE-2023-3600HIGHCVSS 8.8EG 8.82023-07-12
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
- CVE-2023-36008MEDIUMCVSS 6.6EG 6.62023-11-16
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2023-36034HIGHCVSS 7.3EG 6.62023-11-03
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2023-36041HIGHCVSS 7.8EG 7.82023-11-14
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2023-3609HIGHCVSS 7.8EG 7.82023-07-21
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or …
- CVE-2023-3610HIGHCVSS 7.8EG 7.82023-07-21
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NE…
- CVE-2023-36562HIGHCVSS 7.1EG 7.12023-09-15
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2023-36565HIGHCVSS 7.0EG 7.02023-10-10
Microsoft Office Graphics Elevation of Privilege Vulnerability
- CVE-2023-36583HIGHCVSS 7.3EG 7.32023-10-10
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-36605HIGHCVSS 7.4EG 7.42023-10-10
Windows Named Pipe Filesystem Elevation of Privilege Vulnerability
- CVE-2023-36726HIGHCVSS 7.8EG 7.82023-10-10
Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability
- CVE-2023-36735CRITICALCVSS 9.6EG 9.62023-09-15
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2023-36741HIGHCVSS 8.3EG 8.32023-08-26
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2023-36743HIGHCVSS 7.8EG 7.82023-10-10
Win32k Elevation of Privilege Vulnerability
- CVE-2023-36760HIGHCVSS 7.8EG 7.82023-09-12
3D Viewer Remote Code Execution Vulnerability
- CVE-2023-36776HIGHCVSS 7.0EG 7.02023-10-10
Win32k Elevation of Privilege Vulnerability
- CVE-2023-36787HIGHCVSS 8.8EG 8.82023-08-21
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2023-36802HIGHCVSS 7.8EG 9.0⚠ KEV2023-09-12
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
- CVE-2023-36804HIGHCVSS 7.8EG 7.82023-09-12
Windows GDI Elevation of Privilege Vulnerability
- CVE-2023-36833MEDIUMCVSS 6.5EG 6.52023-07-14
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of…
- CVE-2023-36882HIGHCVSS 8.8EG 8.82023-08-08
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2023-36895HIGHCVSS 7.8EG 7.82023-08-08
Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2023-36902HIGHCVSS 7.0EG 7.02023-10-10
Windows Runtime Remote Code Execution Vulnerability
- CVE-2023-37117CRITICALCVSS 9.8EG 9.82024-01-12
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
- CVE-2023-37201HIGHCVSS 8.8EG 8.82023-07-05
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
- CVE-2023-37202HIGHCVSS 8.8EG 8.82023-07-05
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and …
- CVE-2023-37209HIGHCVSS 8.8EG 8.82023-07-05
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that o…
- CVE-2023-3727HIGHCVSS 8.8EG 8.82023-08-01
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3728HIGHCVSS 8.8EG 8.82023-08-01
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3729HIGHCVSS 8.8EG 8.82023-08-01
Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Ch…
- CVE-2023-3730HIGHCVSS 8.8EG 8.82023-08-01
Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security se…
- CVE-2023-3731HIGHCVSS 8.8EG 8.82023-08-01
Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium s…
- CVE-2023-37355MEDIUMCVSS 5.5EG 3.32024-05-03
Kofax Power PDF JPG File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required t…
- CVE-2023-37454MEDIUMCVSS 5.5EG 5.52023-07-06
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a diffe…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →