VYPR

CWE-825

Expired Pointer Dereference

Base | Incomplete

Description

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.

Hierarchy (View 1000)

CVEs mapped to this weakness (19)

  • CVE-2025-49794 | Critical | Jun 16, 2025
    risk 0.59 | cvss 9.1 | epss 0.01

    A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as…

  • CVE-2026-34001 | High | Apr 23, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server…

  • CVE-2026-8854 | High | May 26, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.

  • CVE-2025-49795 | High | Jun 16, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

  • CVE-2026-7111 | High | Apr 29, 2026
    risk 0.48 | cvss 8.4 | epss 0.00

    Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example…

  • CVE-2024-45105 | Medium | Sep 13, 2024
    risk 0.44 | cvss 6.7 | epss 0.00

    An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.

  • CVE-2026-2436 | Medium | Mar 26, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection…

  • CVE-2026-32873 | High | Mar 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers function where rejected trailer headers (forbidden or undeclared) cause an infinite loop. When handle_trailers encounters such a trailer, three code paths (lines 520, 523, 526) recurse…

  • CVE-2026-5165 | Medium | Mar 30, 2026
    risk 0.37 | cvss 6.7 | epss 0.00

    A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially…

  • CVE-2026-42014 | Medium | Jun 16, 2026
    risk 0.36 | cvss 6.6 | epss 0.00

    A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected…

  • CVE-2025-10911 | Medium | Sep 25, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

  • CVE-2025-61664 | Medium | Nov 18, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking…

  • CVE-2025-61663 | Medium | Nov 18, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can…

  • CVE-2025-54771 | Medium | Nov 18, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this…

  • CVE-2025-54770 | Medium | Nov 18, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from…

  • CVE-2026-35094 | Low | Apr 1, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system…

  • CVE-2026-54778 | Jun 19, 2026
    risk 0.00 | cvss | epss

    Impact: Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention. Patches: Fixed in CoreWCF v1.8.1 and v1.9.1. Workarounds: Restrict UDS…

  • CVE-2025-12119 | Nov 18, 2025
    risk 0.00 | cvss | epss 0.00

    A mongoc_bulk_operation_t may read invalid memory if large options are passed.

  • CVE-2021-39228 | Sep 17, 2021
    risk 0.00 | cvss | epss 0.01

    Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety issue when using `patch` or `merge` on `state` and assigning the result back to `state`. In this case, affected versions of…