Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-0310 1Google 1Android Nov 21, 2024 Jan 11, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User in...Show more In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632.Show less
CVE-2021-0303 1Google 1Android Nov 21, 2024 Jan 11, 2021 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege w...Show more In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229.Show less
CVE-2021-0342 1Google 1Android Nov 21, 2024 Jan 11, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for expl...Show more In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.Show less
CVE-2021-21115 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21114 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21112 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21110 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21109 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21108 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21107 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21106 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 9.3 HIGH· v2 Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16039 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16038 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16037 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16026 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16023 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16018 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16017 1Google 1Chrome Oct 24, 2025 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16014 1Google 1Chrome Nov 21, 2024 Jan 8, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-27835 1Linux 1Infiniband Hfi1 Driver Nov 21, 2024 Jan 7, 2021 N/A· v4 4.4 MEDIUM· v3 4.9 MEDIUM· v2 A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

Previous 1...265266267...373 Next