CWE-416
Use After Free
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1,889)
page 83 of 95| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25028 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. | ||
| CVE-2021-45701 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free. | ||
| CVE-2021-45702 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free. | ||
| CVE-2021-45713 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free. | ||
| CVE-2021-45714 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free. | ||
| CVE-2021-45715 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. | ||
| CVE-2021-45716 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. | ||
| CVE-2021-45717 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free. | ||
| CVE-2021-45718 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free. | ||
| CVE-2021-45719 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free. | ||
| CVE-2021-45720 | — | 0.00 | — | 0.00 | Dec 26, 2021 | An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation. | ||
| CVE-2021-43790 | — | 0.00 | — | 0.01 | Nov 29, 2021 | Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues.… | ||
| CVE-2021-41220 | 0.00 | — | 0.00 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been… | |||
| CVE-2021-39216 | 0.00 | — | 0.00 | Sep 17, 2021 | Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple… | |||
| CVE-2021-39228 | — | 0.00 | — | 0.01 | Sep 17, 2021 | Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of… | ||
| CVE-2021-37690 | 0.00 | — | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct… | |||
| CVE-2021-37652 | 0.00 | — | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The… | |||
| CVE-2020-36464 | — | 0.00 | — | 0.00 | Aug 8, 2021 | An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed. | ||
| CVE-2020-36465 | — | 0.00 | — | 0.00 | Aug 8, 2021 | An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | ||
| CVE-2021-30560 | 0.00 | — | 0.00 | Aug 3, 2021 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- CVE-2018-25028Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
- CVE-2021-45701Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
- CVE-2021-45702Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.
- CVE-2021-45713Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.
- CVE-2021-45714Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.
- CVE-2021-45715Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.
- CVE-2021-45716Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.
- CVE-2021-45717Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.
- CVE-2021-45718Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.
- CVE-2021-45719Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.
- CVE-2021-45720Dec 26, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.
- CVE-2021-43790Nov 29, 2021risk 0.00cvss —epss 0.01
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues.…
- CVE-2021-41220Nov 5, 2021risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been…
- CVE-2021-39216Sep 17, 2021risk 0.00cvss —epss 0.00
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple…
- CVE-2021-39228Sep 17, 2021risk 0.00cvss —epss 0.01
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of…
- CVE-2021-37690Aug 12, 2021risk 0.00cvss —epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct…
- CVE-2021-37652Aug 12, 2021risk 0.00cvss —epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The…
- CVE-2020-36464Aug 8, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
- CVE-2020-36465Aug 8, 2021risk 0.00cvss —epss 0.00
An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.
- CVE-2021-30560Aug 3, 2021risk 0.00cvss —epss 0.00
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.