Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-42382 2Busybox Fedoraproject 2Busybox Fedora Nov 3, 2025 Nov 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
CVE-2021-42381 2Busybox Fedoraproject 2Busybox Fedora Nov 3, 2025 Nov 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
CVE-2021-42380 2Busybox Fedoraproject 2Busybox Fedora Nov 3, 2025 Nov 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
CVE-2021-42379 2Busybox Fedoraproject 2Busybox Fedora Nov 3, 2025 Nov 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
CVE-2021-42378 2Busybox Fedoraproject 2Busybox Fedora Nov 3, 2025 Nov 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
CVE-2020-12901 1Amd 1Radeon Software Nov 21, 2024 Nov 15, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.
CVE-2021-42706 1Advantech 1Webaccess Hmi Designer Nov 21, 2024 Nov 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
CVE-2021-43275 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing ope...Show more A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43274 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an o...Show more A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.Show less
CVE-2021-30266 1Qualcomm 204Apq8009 Firmware Apq8053 FirmwareApq8096au Firmware+201 more Nov 21, 2024 Nov 12, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Ind...Show more Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-30264 1Qualcomm 194Apq8009 Firmware Apq8053 FirmwareApq8096au Firmware+191 more Nov 21, 2024 Nov 12, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snap...Show more Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-30263 1Qualcomm 27Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+24 more Nov 21, 2024 Nov 12, 2021 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CVE-2021-42074 1Barrier Project 1Barrier Nov 21, 2024 Nov 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP con...Show more An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.Show less
CVE-2021-43412 1Gnu 1Hurd Nov 21, 2024 Nov 7, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalat...Show more An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.Show less
CVE-2021-41220 1Google 1Tensorflow Nov 21, 2024 Nov 5, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous compu...Show more TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.Show less
CVE-2021-43400 2Bluez Debian 2Bluez Debian Linux Nov 4, 2025 Nov 4, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
CVE-2021-38498 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Nov 3, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird...Show more During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.Show less
CVE-2021-38496 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Nov 21, 2024 Nov 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbir...Show more During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.Show less
CVE-2020-27820 3Fedoraproject LinuxOracle 5Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Exposure FunctionCommunications Cloud Native Core Policy+2 more Nov 21, 2024 Nov 3, 2021 N/A· v4 4.7 MEDIUM· v3 4.7 MEDIUM· v2 A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens...Show more A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).Show less
CVE-2020-6492 1Google 1Chrome Nov 21, 2024 Nov 2, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Previous 1...242243244...373 Next