CWE-416
Use After Free
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2,306)
page 104 of 116| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45716 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. | ||
| CVE-2021-45717 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free. | ||
| CVE-2021-45718 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free. | ||
| CVE-2021-45719 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free. | ||
| CVE-2021-45720 | — | 0.00 | — | 0.01 | Dec 26, 2021 | An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation. | ||
| CVE-2021-43790 | — | 0.00 | — | 0.02 | Nov 29, 2021 | Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues.… | ||
| CVE-2021-41220 | 0.00 | — | 0.00 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been… | |||
| CVE-2021-39216 | 0.00 | — | 0.00 | Sep 17, 2021 | Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple… | |||
| CVE-2021-39228 | — | 0.00 | — | 0.01 | Sep 17, 2021 | Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of… | ||
| CVE-2021-37690 | 0.00 | — | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct… | |||
| CVE-2021-37652 | 0.00 | — | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The… | |||
| CVE-2020-36464 | — | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed. | ||
| CVE-2020-36465 | — | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | ||
| CVE-2021-30560 | 0.00 | — | 0.22 | Aug 3, 2021 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-24037 | — | 0.00 | — | 0.02 | Jun 15, 2021 | A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits… | ||
| CVE-2021-3518 | — | 0.00 | — | 0.04 | May 18, 2021 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | ||
| CVE-2021-29935 | — | 0.00 | — | 0.01 | Apr 1, 2021 | An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. | ||
| CVE-2021-28305 | — | 0.00 | — | 0.01 | Mar 12, 2021 | An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. | ||
| CVE-2021-28032 | — | 0.00 | — | 0.01 | Mar 5, 2021 | An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or… | ||
| CVE-2021-27377 | — | 0.00 | — | 0.01 | Feb 18, 2021 | An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. |
- CVE-2021-45716Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.
- CVE-2021-45717Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.
- CVE-2021-45718Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.
- CVE-2021-45719Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.
- CVE-2021-45720Dec 26, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.
- CVE-2021-43790Nov 29, 2021risk 0.00cvss —epss 0.02
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues.…
- CVE-2021-41220Nov 5, 2021risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been…
- CVE-2021-39216Sep 17, 2021risk 0.00cvss —epss 0.00
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple…
- CVE-2021-39228Sep 17, 2021risk 0.00cvss —epss 0.01
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of…
- CVE-2021-37690Aug 12, 2021risk 0.00cvss —epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct…
- CVE-2021-37652Aug 12, 2021risk 0.00cvss —epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The…
- CVE-2020-36464Aug 8, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
- CVE-2020-36465Aug 8, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.
- CVE-2021-30560Aug 3, 2021risk 0.00cvss —epss 0.22
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-24037Jun 15, 2021risk 0.00cvss —epss 0.02
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits…
- CVE-2021-3518May 18, 2021risk 0.00cvss —epss 0.04
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
- CVE-2021-29935Apr 1, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics.
- CVE-2021-28305Mar 12, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.
- CVE-2021-28032Mar 5, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or…
- CVE-2021-27377Feb 18, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.