CWE-416
Use After Free
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2,306)
page 103 of 116| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27929 | 0.00 | — | 0.00 | Mar 5, 2024 | ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for… | |||
| CVE-2024-27284 | — | 0.00 | — | 0.01 | Feb 28, 2024 | cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version… | ||
| CVE-2023-38669 | 0.00 | — | 0.01 | Jul 26, 2023 | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. | |||
| CVE-2023-29824 | — | 0.00 | — | 0.01 | Jul 6, 2023 | A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. | ||
| CVE-2023-33128 | 0.00 | — | 0.01 | Jun 13, 2023 | .NET and Visual Studio Remote Code Execution Vulnerability | |||
| CVE-2023-30549 | 0.00 | — | 0.00 | Apr 25, 2023 | Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That… | |||
| CVE-2023-21808 | 0.00 | — | 0.01 | Feb 14, 2023 | .NET and Visual Studio Remote Code Execution Vulnerability | |||
| CVE-2023-0215 | 0.00 | — | 0.04 | Feb 8, 2023 | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function… | |||
| CVE-2022-45146 | — | 0.00 | — | 0.00 | Nov 21, 2022 | An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in… | ||
| CVE-2021-39432 | — | 0.00 | — | 0.01 | Nov 4, 2022 | diplib v3.0.0 is vulnerable to Double Free. | ||
| CVE-2022-31146 | 0.00 | — | 0.01 | Jul 20, 2022 | Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC… | |||
| CVE-2022-24791 | 0.00 | — | 0.01 | Mar 31, 2022 | Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is… | |||
| CVE-2022-23584 | 0.00 | — | 0.01 | Feb 4, 2022 | Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will… | |||
| CVE-2018-25027 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. | ||
| CVE-2018-25028 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. | ||
| CVE-2021-45701 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free. | ||
| CVE-2021-45702 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free. | ||
| CVE-2021-45713 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free. | ||
| CVE-2021-45714 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free. | ||
| CVE-2021-45715 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. |
- CVE-2024-27929Mar 5, 2024risk 0.00cvss —epss 0.00
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for…
- CVE-2024-27284Feb 28, 2024risk 0.00cvss —epss 0.01
cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version…
- CVE-2023-38669Jul 26, 2023risk 0.00cvss —epss 0.01
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
- CVE-2023-29824Jul 6, 2023risk 0.00cvss —epss 0.01
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
- CVE-2023-33128Jun 13, 2023risk 0.00cvss —epss 0.01
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2023-30549Apr 25, 2023risk 0.00cvss —epss 0.00
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That…
- CVE-2023-21808Feb 14, 2023risk 0.00cvss —epss 0.01
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2023-0215Feb 8, 2023risk 0.00cvss —epss 0.04
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function…
- CVE-2022-45146Nov 21, 2022risk 0.00cvss —epss 0.00
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in…
- CVE-2021-39432Nov 4, 2022risk 0.00cvss —epss 0.01
diplib v3.0.0 is vulnerable to Double Free.
- CVE-2022-31146Jul 20, 2022risk 0.00cvss —epss 0.01
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC…
- CVE-2022-24791Mar 31, 2022risk 0.00cvss —epss 0.01
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is…
- CVE-2022-23584Feb 4, 2022risk 0.00cvss —epss 0.01
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will…
- CVE-2018-25027Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
- CVE-2018-25028Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
- CVE-2021-45701Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
- CVE-2021-45702Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.
- CVE-2021-45713Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.
- CVE-2021-45714Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.
- CVE-2021-45715Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.