CWE-825— Expired Pointer Dereference
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.— MITRE CWE catalog
84 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-825page 1 of 2
- CVE-2019-15691HIGHCVSS 7.2EG 7.22019-12-26
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which…
- CVE-2021-25443MEDIUMCVSS 5.3EG 5.32021-08-05
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
- CVE-2021-39228MEDIUMCVSS 6.5EG 6.52021-09-17
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state…
- CVE-2022-0523HIGHCVSS 7.8EG 7.82022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
- CVE-2023-20212HIGHCVSS 7.5EG 7.52023-08-18
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of a…
- CVE-2023-48315CRITICALCVSS 9.8EG 8.82023-12-05
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected…
- CVE-2023-48316CRITICALCVSS 9.8EG 9.82023-12-05
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected…
- CVE-2023-48692CRITICALCVSS 9.8EG 9.02023-12-05
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected…
- CVE-2023-48694CRITICALCVSS 9.8EG 6.82023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities …
- CVE-2023-48696CRITICALCVSS 9.8EG 6.72023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX.…
- CVE-2023-48697CRITICALCVSS 9.8EG 6.42023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. T…
- CVE-2023-48698CRITICALCVSS 9.8EG 6.82023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX.…
- CVE-2024-23310CRITICALCVSS 9.8EG 9.82024-02-20
A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a…
- CVE-2024-23638MEDIUMCVSS 6.5EG 6.52024-01-24
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform De…
- CVE-2024-28889MEDIUMCVSS 5.9EG 5.92024-05-08
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.�…
- CVE-2024-39792HIGHCVSS 7.5EG 7.52024-08-14
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2024-45105MEDIUMCVSS 6.7EG 6.72024-09-13
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
- CVE-2024-8250HIGHCVSS 7.8EG 7.82024-08-29
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
- CVE-2025-10911MEDIUMCVSS 5.5EG 5.52025-09-25
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
- CVE-2025-12119MEDIUMCVSS 6.8EG 6.82025-11-18
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
- CVE-2025-30653MEDIUMCVSS 6.5EG 6.52025-04-09
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evol…
- CVE-2025-49794CRITICALCVSS 9.1EG 9.12025-06-16
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to cr…
- CVE-2025-49795HIGHCVSS 7.5EG 7.52025-06-16
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
- CVE-2025-54770MEDIUMCVSS 4.9EG 4.92025-11-18
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered wh…
- CVE-2025-54771MEDIUMCVSS 4.9EG 4.92025-11-18
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. …
- CVE-2025-61663MEDIUMCVSS 4.9EG 4.92025-11-18
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the…
- CVE-2025-61664MEDIUMCVSS 4.9EG 4.92025-11-18
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacke…
- CVE-2026-12291HIGHCVSS 8.8EG 8.82026-06-16
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12293CRITICALCVSS 9.8EG 9.82026-06-16
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- CVE-2026-12326HIGHCVSS 8.1EG 7.32026-06-16
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…
- CVE-2026-12328HIGHCVSS 8.1EG 8.12026-06-16
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou…
- CVE-2026-12610MEDIUMCVSS 6.4EG 6.42026-06-30
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating s…
- CVE-2026-23074HIGHCVSS 7.8EG 7.82026-02-04
In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constra…
- CVE-2026-23868MEDIUMCVSS 5.1EG 5.12026-03-10
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
- CVE-2026-2436MEDIUMCVSS 6.5EG 6.52026-03-26
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the h…
- CVE-2026-24678HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This …
- CVE-2026-26399MEDIUMCVSS 5.3EG 5.32026-04-20
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it i…
- CVE-2026-31703HIGHCVSS 7.8EG 7.82026-05-01
In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_switch_wbs_work_fn() inode_switch_wbs_work_fn() has a loop like: wb_get(new_wb); while (1) { list = llist_del_all(&new_wb…
- CVE-2026-33150HIGHCVSS 7.8EG 7.82026-03-20
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and pot…
- CVE-2026-33526HIGHCVSS 7.5EG 7.52026-03-26
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial o…
- CVE-2026-34001HIGHCVSS 7.8EG 7.82026-04-23
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without…
- CVE-2026-34734HIGHCVSS 7.8EG 7.82026-04-09
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in …
- CVE-2026-34774HIGHCVSS 8.1EG 8.12026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulner…
- CVE-2026-35094LOWCVSS 3.3EG 3.32026-04-01
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a point…
- CVE-2026-3593CRITICALCVSS 9.8EG 7.42026-05-20
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and…
- CVE-2026-42014MEDIUMCVSS 6.6EG 6.62026-06-16
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for…
- CVE-2026-44422HIGHCVSS 8.8EG 8.82026-05-29
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR ty…
- CVE-2026-45447HIGHCVSS 8.8EG 9.82026-06-09
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote…
- CVE-2026-45972CRITICALCVSS 9.8EG 9.82026-05-27
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL,…
- CVE-2026-45998HIGHCVSS 7.8EG 7.82026-05-27
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the…
Map vulnerabilities like CWE-825 to your infrastructure
EchelonGraph correlates every CVE — across CWE-825 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →