QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-416

Back to CWE list

CWE-416

Use After Free

Variant
Stable

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Common Consequences

Scope

Integrity

Impact

Modify Memory

Scope

Availability

Impact

DoS: Crash, Exit, or Restart

Scope

Confidentiality

Impact

Read Memory

Scope

Integrity
Confidentiality
Availability

Impact

Execute Unauthorized Code or Commands

Potential Mitigations

Architecture and Design

Choose a language that provides automatic memory management.

Implementation

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

CVE-2023-38160

TCP/IP code for an OS has a use-after-free that can leak heap memory contents

CVE-2022-20141

Chain: an operating system kernel has insufficent resource locking (CWE-413) leading to a use after free (CWE-416).

CVE-2022-2621

Chain: two threads in a web browser use the same resource (CWE-366), but one of those threads can destroy the resource before the other has completed (CWE-416).

CVE-2021-0920

Chain: mobile platform race condition (CWE-362) leading to use-after-free (CWE-416), as exploited in the wild per CISA KEV.

CVE-2020-6819

Chain: race condition (CWE-362) leads to use-after-free (CWE-416), as exploited in the wild per CISA KEV.

CVE-2010-4168

Use-after-free triggered by closing a connection while data is still being transmitted.

CVE-2010-2941

Improper allocation for invalid data leads to use-after-free.

CVE-2010-2547

certificate with a large number of Subject Alternate Names not properly handled in realloc, leading to use-after-free

CVE-2010-1772

Timers are not disabled when a related object is deleted

CVE-2010-1437

Access to a "dead" object that is being cleaned up

+19 more examples

Applicable Platforms

Memory-Unsafe
C
C++

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now