Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-0330 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exp...Show more In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150331085Show less
CVE-2020-0303 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is need...Show more In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229Show less
CVE-2020-0434 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...Show more In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150730508Show less
CVE-2020-0433 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...Show more In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299Show less
CVE-2020-0429 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User int...Show more In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806Show less
CVE-2020-0428 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Produc...Show more In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783Show less
CVE-2020-0427 4Debian GoogleOpensuse+1 more 4Android Debian LinuxLeap+1 more Nov 21, 2024 Sep 17, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...Show more In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171Show less
CVE-2020-6115 1Gonitro 1Nitro Pro Nov 21, 2024 Sep 17, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing f...Show more An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability.Show less
CVE-2020-14363 2Fedoraproject X.org 2Fedora Libx11 Nov 21, 2024 Sep 11, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary co...Show more An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.Show less
CVE-2020-25269 2Debian Inspircd 2Debian Linux Inspircd Nov 21, 2024 Sep 11, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remo...Show more An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.Show less
CVE-2019-20918 1Inspircd 1Inspircd Nov 21, 2024 Sep 11, 2020 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect t...Show more An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server.Show less
CVE-2020-25220 1Linux 1Linux Kernel Nov 21, 2024 Sep 10, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to th...Show more The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.Show less
CVE-2020-7068 3Debian PhpTenable 3Debian Linux PhpTenable.sc Nov 21, 2024 Sep 9, 2020 N/A· v4 3.6 LOW· v3 3.3 LOW· v2 In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash...Show more In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.Show less
CVE-2020-6354 1Sap 13d Visual Enterprise Viewer Nov 21, 2024 Sep 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user re...Show more SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.Show less
CVE-2020-6353 1Sap 13d Visual Enterprise Viewer Nov 21, 2024 Sep 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user re...Show more SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.Show less
CVE-2020-6334 1Sap 13d Visual Enterprise Viewer Nov 21, 2024 Sep 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user re...Show more SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.Show less
CVE-2020-6329 1Sap 13d Visual Enterprise Viewer Nov 21, 2024 Sep 9, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user re...Show more SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.Show less
CVE-2020-11129 1Qualcomm 7Bitra Firmware Kamorta FirmwareQcs605 Firmware+4 more Nov 21, 2024 Sep 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS60...Show more u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130Show less
CVE-2020-11124 1Qualcomm 17Mdm9607 Firmware Nicobar FirmwareQcs404 Firmware+14 more Nov 21, 2024 Sep 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT...Show more u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130Show less
CVE-2020-11120 1Qualcomm 22Apq8096au Firmware Apq8098 FirmwareBitra Firmware+19 more Nov 21, 2024 Sep 8, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto...Show more u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130Show less

Previous 1...273274275...373 Next