CVEbaza.plSłownik CWECWE-416
Common Weakness Enumeration

CWE-416

Use After Free

Kategoria: VariantCVE: 9309
Opis

Produkt ponownie wykorzystuje lub odwołuje się do pamięci, która została już zwolniona. Pamięć może być następnie przydzielona ponownie i zapisana w innym wskaźniku, podczas gdy oryginalny wskaźnik nadal odwołuje się do lokalizacji w nowej alokacji. Operacje przy użyciu oryginalnego wskaźnika nie są już prawidłowe.

Description (EN)

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Podatności CVE z CWE-416 (9309)
10.0
CVSS
CRITICAL
CVE-2026-13782

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

pub. 2026-06-30
10.0
CVSS
CRITICAL
CVE-2026-4688

Krytyczna podatność use-after-free w komponencie Disability Access APIs przeglądarki Mozilla Firefox oraz klienta pocztowego Thunderbird umożliwia ucieczkę z piaskownicy (sandbox escape). Podatność otrzymała maksymalny wynik CVSS 10.0, co oznacza pełne zagrożenie dla poufności, integralności i dostępności systemu bez wymagania uwierzytelnienia.

pub. 2026-03-24
10.0
CVSS
CRITICAL
CVE-2026-4725

Krytyczna podatność typu use-after-free w komponencie Graphics: Canvas2D przeglądarki Mozilla Firefox umożliwia ucieczkę z mechanizmu sandbox. Ocena CVSS 10.0 oznacza maksymalne zagrożenie — atakujący może działać zdalnie, bez uwierzytelnienia i bez interakcji użytkownika.

pub. 2026-03-24
10.0
CVSS
CRITICAL
CVE-2025-24085

Podatność typu use-after-free w zarządzaniu pamięcią systemów Apple umożliwia złośliwej aplikacji eskalację uprawnień. Apple potwierdza, że podatność była aktywnie wykorzystywana w atakach na urządzenia z iOS starszym niż 17.2.

pub. 2025-01-27🚩 CISA KEV⚡ EXPLOIT
10.0
CVSS
CRITICAL
CVE-2024-47040

Podatność typu use-after-free (UAF) w systemie Android, wynikająca z błędu logicznego w kodzie, umożliwia lokalną eskalację uprawnień. Jej krytyczność wynika z braku wymagań dotyczących uprawnień oraz konieczności interakcji użytkownika po stronie ofiary.

pub. 2024-12-18
10.0
CVSS
CRITICAL
CVE-2024-43102

Podatność use-after-free w podsystemie UMTX jądra FreeBSD pozwala nieuwierzytelnionemu atakującemu na zdalne wykonanie kodu lub ucieczkę z sandboxa Capsicum. Otrzymała maksymalną ocenę CVSS 10.0, co czyni ją podatnością krytyczną wymagającą natychmiastowej reakcji.

pub. 2024-09-05
10.0
CVSS
CRITICAL
CVE-2021-32495

Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

pub. 2023-07-07
10.0
CVSS
CRITICAL
CVE-2021-33796

In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.

pub. 2023-07-07
10.0
CVSS
CRITICAL
CVE-2021-22893

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

pub. 2021-04-23🚩 CISA KEV⚡ EXPLOIT
10.0
CVSS
CRITICAL
CVE-2016-6082

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.

pub. 2017-02-01
10.0
CVSS
HIGH
CVE-2015-5586

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

pub. 2015-10-14
10.0
CVSS
HIGH
CVE-2015-6683

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

pub. 2015-10-14
10.0
CVSS
HIGH
CVE-2015-6684

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

pub. 2015-10-14
10.0
CVSS
HIGH
CVE-2015-6687

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

pub. 2015-10-14
10.0
CVSS
HIGH
CVE-2015-6691

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, and CVE-2015-7621.

pub. 2015-10-14
10.0
CVSS
HIGH
CVE-2015-4448

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

pub. 2015-07-15
10.0
CVSS
HIGH
CVE-2015-5095

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

pub. 2015-07-15
10.0
CVSS
HIGH
CVE-2015-5099

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

pub. 2015-07-15
10.0
CVSS
HIGH
CVE-2015-5101

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5111, CVE-2015-5113, and CVE-2015-5114.

pub. 2015-07-15
10.0
CVSS
HIGH
CVE-2015-5114

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5113.

pub. 2015-07-15
Pokazano 20 z 9309 podatności
Informacje
ID: CWE-416
Typ: Variant
Podatności: 9309
MITRE CWE ↗
← Słownik CWE
CWE-416 — Użycie po uwolnieniu | Słownik CWE | CVEbaza.pl