VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 112 of 116
  • CVE-2011-3050Mar 22, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

  • CVE-2011-3044Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.

  • CVE-2011-3043Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.

  • CVE-2011-3042Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.

  • CVE-2011-3041Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.

  • CVE-2011-3039Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

  • CVE-2011-3038Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.

  • CVE-2011-3035Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

  • CVE-2011-3034Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

  • CVE-2011-3032Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

  • CVE-2011-3031Mar 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3023Feb 16, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.

  • CVE-2011-3021Feb 16, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.

  • CVE-2011-3017Feb 16, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.

  • CVE-2011-3016Feb 16, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.

  • CVE-2011-3971Feb 9, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.

  • CVE-2011-3969Feb 9, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.

  • CVE-2011-3968Feb 9, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.

  • CVE-2011-3966Feb 9, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.

  • CVE-2011-3958Feb 9, 2012
    risk 0.00cvss epss 0.02

    Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.