Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-0522 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User...Show more In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139Show less
CVE-2021-0520 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed....Show more In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595Show less
CVE-2021-0516 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User i...Show more In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448Show less
CVE-2021-0509 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...Show more In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161Show less
CVE-2021-0508 1Google 1Android Nov 21, 2024 Jun 21, 2021 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...Show more In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154Show less
CVE-2021-32944 2Opendesign Siemens 4Comos Drawings SdkJt2go+1 more Nov 21, 2024 Jun 17, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruptio...Show more A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.Show less
CVE-2021-30553 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30552 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30550 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30549 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30548 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30546 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30545 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30544 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-24037 1Facebook 1Hermes Nov 21, 2024 Jun 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is...Show more A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.Show less
CVE-2021-31502 1Opentext 1Brava! Desktop Nov 21, 2024 Jun 15, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673.Show less
CVE-2021-31497 1Opentext 1Brava! Desktop Nov 21, 2024 Jun 15, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visi...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.Show less
CVE-2021-0497 1Google 1Android Nov 21, 2024 Jun 11, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320Show less
CVE-2021-0496 1Google 1Android Nov 21, 2024 Jun 11, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183467912Show less
CVE-2021-0482 1Google 1Android Nov 21, 2024 Jun 11, 2021 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...Show more In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173791720Show less

Previous 1...254255256...373 Next