Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32974

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-04 Jun, 2024 | 21:00
Updated At-02 Aug, 2024 | 02:27
Rejected At-
Credits

Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:04 Jun, 2024 | 21:00
Updated At:02 Aug, 2024 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)
Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Affected Products
Vendor
envoyproxy
Product
envoy
Versions
Affected
  • >= 1.30.0, <= 11.30.1
  • >= 1.29.0, <= 1.29.4
  • >= 1.28.0, <= 1.28.3
  • <= 1.27.5
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
x_refsource_CONFIRM
Hyperlink: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:04 Jun, 2024 | 21:15
Updated At:12 Jun, 2024 | 15:16

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
envoyproxy
envoyproxy
>>envoy>>Versions before 1.27.6(exclusive)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
envoyproxy
envoyproxy
>>envoy>>Versions from 1.28.0(inclusive) to 1.28.4(exclusive)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
envoyproxy
envoyproxy
>>envoy>>Versions from 1.29.0(inclusive) to 1.29.5(exclusive)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
envoyproxy
envoyproxy
>>envoy>>Versions from 1.30.0(inclusive) to 1.30.2(exclusive)
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE-416Secondarysecurity-advisories@github.com
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299security-advisories@github.com
Exploit
Third Party Advisory
Hyperlink: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
Source: security-advisories@github.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

181Records found
CVE-2024-43642
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-23.98% / 95.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Denial of Service Vulnerability

Windows SMB Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_24h2windows_server_2025windows_server_2022windows_11_22h2windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 Version 23H2Windows 11 version 22H3
CWE ID-CWE-416
Use After Free
CVE-2021-45717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2021-45713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2021-45719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2019-3994
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-2.80% / 85.55%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 21:59
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.

Action-Not Available
Vendor-elog_projectn/aFedora Project
Product-elogfedoraELOG
CWE ID-CWE-416
Use After Free
CVE-2010-4168
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.84% / 85.68%
||
7 Day CHG~0.00%
Published-17 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

Action-Not Available
Vendor-openttdn/aFedora Project
Product-fedoraopenttdn/a
CWE ID-CWE-416
Use After Free
CVE-2021-45718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2021-45715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2021-36144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.44%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 21:24
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-acrnn/a
CWE ID-CWE-416
Use After Free
CVE-2024-38910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.79%
||
7 Day CHG+0.02%
Published-05 Dec, 2024 | 00:00
Updated-06 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters.

Action-Not Available
Vendor-n/aopen_robotics
Product-n/aros2nav2_humble
CWE ID-CWE-416
Use After Free
CVE-2021-3455
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.44%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 22:25
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disconnecting L2CAP channel right after invalid ATT request leads freeze

Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-416
Use After Free
CVE-2024-36844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.22%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 19:16
Updated-01 May, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.

Action-Not Available
Vendor-libmodbusn/alibmodbus
Product-libmodbusn/alibmodbus
CWE ID-CWE-416
Use After Free
CVE-2021-32421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.72%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y.

Action-Not Available
Vendor-dpic_projectn/a
Product-dpicn/a
CWE ID-CWE-416
Use After Free
CVE-2021-45720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.

Action-Not Available
Vendor-lru_projectn/a
Product-lrun/a
CWE ID-CWE-416
Use After Free
CVE-2021-45716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2024-33069
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 12:58
Updated-16 Oct, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwareqca6777aqsw5100pqca6554afastconnect_6800qca6595qca6431_firmwareqca6564ausnapdragon_865_5g_mobile_platformqca6777aq_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresa8530p_firmwarewsa8835qca6574sa8540p_firmwarewcd9380qca6595au_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareqca6574aqca6426qca6584au_firmwarewcn3980qcc2076_firmwaresa8530pqca6554a_firmwarewcd9385_firmwareqam8295pqcc2073_firmwaresa9000pqca6574_firmwarewsa8815qca6688aqqam8295p_firmwareqca6426_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574a_firmwareqca6574au_firmwareqca6595auwcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6391qca6436_firmwaresa8295pqca6421_firmwarefastconnect_7800qca6564au_firmwareqca6584auqca6678aq_firmwareqca6678aqqca6698aqfastconnect_6900snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)fastconnect_6900_firmwarewcn3988_firmwareqca6797aq_firmwareqca6574auqca6421snapdragon_870_5g_mobile_platform_\(sm8250-ac\)wsa8810_firmwarefastconnect_7800_firmwaresw5100wsa8810qca6436sw5100p_firmwaresa8540pqca6698aq_firmwarewcd9385qca6431qca6696_firmwareqca6595_firmwareqca6696qca6787aqqca6391_firmwareqca6797aqwsa8830_firmwareqcc2076wsa8815_firmwarewcn3988wsa8835_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresa8295p_firmwareqcc2073qca6688aq_firmwareqca6787aq_firmwareSnapdragonqca6564au_firmwarewcd9380_firmwareqca6678aq_firmwareqca6431_firmwarefastconnect_6900_firmwareqca6777aq_firmwareqca6797aq_firmwaresa8530p_firmwarewcn3988_firmwaresa8540p_firmwarewsa8810_firmwarefastconnect_7800_firmwareqca6595au_firmwaresw5100p_firmwareqca6698aq_firmwareqca6584au_firmwareqca6696_firmwareqca6595_firmwareqcc2076_firmwareqca6554a_firmwareqca6391_firmwarewcd9385_firmwareqcc2073_firmwareqca6574_firmwarewsa8830_firmwareqam8295p_firmwareqca6426_firmwarewsa8815_firmwaresa9000p_firmwareqca6574a_firmwarewsa8835_firmwareqca6574au_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresa8295p_firmwarewcn3980_firmwareqca6436_firmwareqca6688aq_firmwareqca6787aq_firmwareqca6421_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-33010
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.53%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresnapdragon_8_gen_1_mobile_platformsa6150p_firmwareqcs610ipq4028_firmwareqca8337qfw7124sg8275p_firmwarear9380ipq8173_firmwareqam8775pqcf8001qamsrv1msnapdragon_888_5g_mobile_platformqcn5124qca4024_firmwarewsa8840wcn3950_firmwareimmersive_home_318_platform_firmwareqxm8083ipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc3_platformcsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqep8111_firmwareqca6554a_firmwareqam8295pwcn3950qcn6024_firmwareipq8076amdm9628immersive_home_316_platform_firmwareqca8386_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresnapdragon_460_mobile_platformqca6688aqqcn6412sm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5164_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca9367_firmwareipq8065ipq8078a_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwareipq5028qca7500ipq4029_firmwareqca6698aqqcs6125sa4155p_firmwareqcf8001_firmwarewsa8840_firmwareipq6010ipq8068sa7775p_firmwaresdx65mwcd9340snapdragon_8\+_gen_1_mobile_platformqcn6432qcn6132snapdragon_780g_5g_mobile_platformsw5100sa6155pqcf8000qca6698aq_firmwaresxr2250pipq5312snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)snapdragon_auto_5g_modem-rf_gen_2_firmwareqca9888_firmwareqcn6122wcd9341qam8775p_firmwareipq8068_firmwareqca6696_firmwaresa8255pipq9008_firmwareqcn5154_firmwareqca6797aqsa8150pqcc710_firmwarerobotics_rb5_platformwsa8830_firmwareqca9992_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988snapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwareqcn5022_firmwareqca9898sa8295p_firmwareipq4028immersive_home_216_platform_firmwaresa8770pqca9985_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)ipq4018_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwaressg2125pwcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresw5100pipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformipq8078qca8084qcm8550ipq8173qca6564auipq9008qcn5164qca6574qcn6402_firmwarecsr8811_firmwaresnapdragon_7c\+_gen_3_computewcd9380snapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700ipq9554_firmwareqcs410snapdragon_782g_mobile_platform_\(sm7325-af\)qcn5024ipq4019_firmwaresxr1230psnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarevideo_collaboration_vc3_platform_firmwaresg8275pqca9985qcn9012_firmwaresm6370_firmwareqcn9274_firmwareqcn5052_firmwareqfw7114_firmwarewcd9335_firmwarewcn3980wsa8845qcc2073_firmwareipq6018_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815qcn6112snapdragon_4_gen_1_mobile_platformqxm8083_firmwareqcs8250qca9984ipq6028ipq8064snapdragon_x62_5g_modem-rf_system_firmwareqcn9024ipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq5302ipq8064_firmwaresa8295pwcn6740_firmwareqcs4490_firmwareqca6678aqsnapdragon_x65_5g_modem-rf_systemipq8078_firmwaresa8650p_firmwarefastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqca9994qca6797aq_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresrv1lqca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwaresa7255p_firmwareqca9880snapdragon_8\+_gen_2_mobile_platformsa8620pwsa8832qcn6412_firmwaresw5100p_firmwaresa8540pqcs610_firmwareipq5332ipq5302_firmwareqamsrv1m_firmwareimmersive_home_326_platformqcm5430sa6145pipq6018qca9886_firmwareqcc710immersive_home_214_platformqcs4490qca6595_firmwaresa8145pwcd9395qcs5430_firmwareqca6391_firmwaresa4150p_firmwareimmersive_home_214_platform_firmwareqca4024wcd9370_firmwaresm8550p_firmwaresdx55sd888_firmwareqcn6402sa8155pcsra6640snapdragon_695_5g_mobile_platformvideo_collaboration_vc1_platformsrv1mssg2115p_firmwareqam8620p_firmwareqfw7124_firmwareqam8255psa4155pqep8111snapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarear8035_firmwareqcn5024_firmwaretalynplus_firmwarewsa8830snapdragon_662_mobile_platform_firmwareqcn9070sxr2230p_firmwaresa8145p_firmwareqam8650pmdm9628_firmwareflight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwareqcn6224_firmwareqca8082qcn9072qca8386qca9880_firmwareqca9992srv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq6000wcd9370ssg2115pqcn5152_firmwareqca6584au_firmwarewcn3990_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platformqca9984_firmwareqca9377qcn9000_firmwareqcn9160ipq9554qamsrv1hsa8530pwcd9385_firmwareimmersive_home_216_platformfastconnect_6200talynplusqamsrv1h_firmwareimmersive_home_316_platformipq8074aimmersive_home_318_platformqcn5124_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwareqcn5122_firmwaresa7255psdx55_firmwaresnapdragon_4_gen_2_mobile_platformqcn6023_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114wsa8845h_firmwaresnapdragon_778g_5g_mobile_platformqca6595ausnapdragon_680_4g_mobile_platform_firmwareqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwareqca6584ausa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274snapdragon_x72_5g_modem-rf_systemsa8775p_firmwareipq8174qca9990qcs6490qcn5052qca9367video_collaboration_vc5_platformqcs8550_firmwareqcn6112_firmwarewcn3988_firmwareqcn9074srv1hsa6145p_firmwareqca8085fastconnect_6700_firmwaresa8195pwsa8810_firmwareqcn6224vision_intelligence_400_platformwsa8845hsnapdragon_x62_5g_modem-rf_systemwcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresg4150pqcs7230qca8081snapdragon_x35_5g_modem-rf_systemsnapdragon_auto_5g_modem-rf_gen_2qcm4490qcn6023ipq8071asa7775psdx65m_firmwareqam8620pqca6174a_firmwaresa8770p_firmwareqca8085_firmwareipq5300ipq8071a_firmwareqcs5430immersive_home_3210_platformwcd9385qcs6490_firmwareqca9898_firmwarewcd9375ar8035csr8811ipq4019wcd9390qcn9100_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformipq5010_firmwareipq8074a_firmwarewsa8815_firmwareqcm6490wsa8835_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwareqca6564asa4150psnapdragon_8_gen_2_mobile_platform_firmwaresg4150p_firmwareqcm6125_firmwareqca6688aq_firmwareqcm4325robotics_rb5_platform_firmwarewcn3990qcn9000qcf8000_firmwareqca6554aqca6595ar9380_firmwareqcs7230_firmwareqcn9012sd888sa8530p_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwarewsa8835sa8540p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresnapdragon_auto_5g_modem-rfqcn6274sd_8_gen1_5gsnapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwareqcn6422snapdragon_4_gen_1_mobile_platform_firmwareqcn5154qca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresmart_audio_400_platformipq4018qca6574aqca9889qca6174asm7325pqcn6132_firmwareqca9888qca9994_firmwareqcc2076_firmwareipq8070a_firmwareipq8076_firmwaresa8650psa9000pqca6574_firmwareqca9886sm7325p_firmwaresxr2230pipq8076wsa8845_firmwareqcn9160_firmwareqca6175aqca6574a_firmwaresa8775pfastconnect_6200_firmwareqcn5152qrb5165msm7315qca6391snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)fastconnect_7800qcn9100snapdragon_x35_5g_modem-rf_system_firmwareqcm4490_firmwareqcn6274_firmwareqcm6490_firmwareipq5300_firmwarewsa8832_firmwareqcn9070_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn9011video_collaboration_vc1_platform_firmwareqcn6432_firmwareipq5312_firmwareqca6574ausnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwareqca9889_firmwaresa8155p_firmwareqcn5122ipq9574qcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm6125wsa8810ipq5332_firmwaresm8550psnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsm6370srv1m_firmwaresnapdragon_ar2_gen_1_platformqcn5022qam8650p_firmwareipq6010_firmwarewcn6740qca6696qcs8550sa6150pqca8075snapdragon_8_gen_3_mobile_platform_firmwareqcn9022_firmwareqcn6024qcn9022wcd9390_firmwareqcc2076qca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareipq4029qcc2073qca6175a_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwareqca9377_firmwaretalynplus_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwareipq4028_firmwaresg8275p_firmwareipq8173_firmwaremdm9628_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwareqca4024_firmwareqca9880_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresrv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwarecsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcn5152_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwarewcn3990_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqcn5124_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwaresnapdragon_695_5g_mobile_platform_firmwarewcd9375_firmwarewsa8845h_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca9367_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcm8550_firmwareipq8078a_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresa8775p_firmwareqrb5165m_firmwarewsa8840_firmwareipq4029_firmwaresa4155p_firmwareqcf8001_firmwareqcs8550_firmwareqcn6112_firmwarewcn3988_firmwaresa6145p_firmwaresa7775p_firmwarefastconnect_6700_firmwarewsa8810_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwareqca6698aq_firmwaresdx65m_firmwareqca6174a_firmwareipq8071a_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareipq8068_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwareipq9008_firmwareqcn5154_firmwareqca9898_firmwareqcc710_firmwareqcn9100_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwareqca9992_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwareqcn5022_firmwaresa8295p_firmwaresxr2250p_firmwareimmersive_home_216_platform_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm6125_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca9985_firmwarerobotics_rb5_platform_firmwareipq4018_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwarewcd9380_firmwareqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareqcs7230_firmwaresa8530p_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwareqcn6402_firmwaresa8540p_firmwarecsr8811_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwareipq4019_firmwaressg2125p_firmwareqcn6132_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcc2076_firmwareipq8070a_firmwareqcn9274_firmwareqfw7114_firmwaresm6370_firmwarewcd9335_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm7325p_firmwarewsa8845_firmwareqcn9160_firmwareqxm8083_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x62_5g_modem-rf_system_firmwareipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcs4490_firmwareipq5300_firmwareqcm6490_firmwareipq8078_firmwaresa8650p_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwareqca9889_firmwaresa8155p_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareipq5302_firmwareqamsrv1m_firmwaresrv1m_firmwareqca9886_firmwareqam8650p_firmwareipq6010_firmwareqca6595_firmwareqcs5430_firmwareqca6391_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresd888_firmwareqcn9022_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwareqca9990_firmwareqcn9072_firmwareipq6000_firmwaressg2115p_firmwaresw5100_firmwareqcn9074_firmwareqam8620p_firmwareqcs410_firmwareqfw7124_firmwareqca6175a_firmwarear8035_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-4741
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.59%
||
7 Day CHG-0.00%
Published-13 Nov, 2024 | 10:20
Updated-13 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free with SSL_free_buffers

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Action-Not Available
Vendor-OpenSSL
Product-OpenSSLopenssl
CWE ID-CWE-416
Use After Free
CVE-2024-33068
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.45%
||
7 Day CHG+0.02%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host Communication

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qca6777aqsxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwareqcf8001qam8775pqamsrv1mqca6777aq_firmwareqcn6224_firmwareqcn5124wsa8840qca8082qca8386srv1l_firmwarewcn6755_firmwareqca6595au_firmwarevideo_collaboration_vc3_platformwcd9370ssg2115pqca6584au_firmwarewcn3990_firmwaresnapdragon_8_gen_2_mobile_platformqcn9000_firmwareqamsrv1hqca6554a_firmwarewcd9385_firmwareqam8295pwcn7881_firmwareqca8386_firmwareqamsrv1h_firmwarewcn3660bqca8084_firmwareqcn6412qcn5124_firmwareqca6688aqqam8295p_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca8082_firmwareqca6574au_firmwaresa7255pqcn6422_firmwarewsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595ausnapdragon_429_mobile_platformwcn7860qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274wcn7881snapdragon_x72_5g_modem-rf_systemqca6678aq_firmwaresa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqvideo_collaboration_vc5_platformqcf8001_firmwareqcs8550_firmwaresm8635wcn7880_firmwaresrv1hqcn9074qca8085sdx65msa7775p_firmwarewcd9340sa8195pqcn6224vision_intelligence_400_platformwsa8845hwcn6755wcd9395_firmwarewcd9335snapdragon_x75_5g_modem-rf_systemsnapdragon_ar2_gen_1_platform_firmwaresm8750p_firmwaresm8750_firmwaresa8255p_firmwaresa6155pqcs7230snapdragon_auto_5g_modem-rf_gen_2qcf8000sdx65m_firmwaresa7775psxr2250pqca8081qca6698aq_firmwareqam8620pwcd9385wcd9341snapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwaresa8255pqca8085_firmwareqca6696_firmwareqcs6490_firmwareqam8775p_firmwareimmersive_home_3210_platformipq9008_firmwareqca6797aqar8035wcd9375wcd9390vision_intelligence_400_platform_firmwareqcc710_firmwarewsa8830_firmwarewcn3620_firmwarewsa8835_firmwarewcn3620sa8195p_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwaresa8295p_firmwarewcn7880snapdragon_8_gen_2_mobile_platform_firmwaresa8770pqca6787aq_firmwareqca6688aq_firmwarewcd9380_firmwareqca8337_firmwaressg2125pwcn3990qcn9000sdm429wqcf8000_firmwareqca6554aqca6595qca8084qcm8550qca6564auqcs7230_firmwareipq9008immersive_home_326_platform_firmwarewsa8835qca6574sxr1230p_firmwaresdm429w_firmwareqcn6402_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380qcn6274qcn6422snapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6574asxr1230pvideo_collaboration_vc3_platform_firmwaresg8275pwcd9335_firmwareqfw7114_firmwareqcn9274_firmwarewsa8845ipq5312sa8650psa9000pqca6574_firmwarewcd9340_firmwaresxr2230pwsa8845_firmwareqcs8250wcn3660b_firmwaresm8750psa8775pqca6574a_firmwareqcn9024ipq9574_firmwareqca6391immersive_home_3210_platform_firmwareipq5302sa8295pfastconnect_7800qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemwcn7861_firmwareqca6678aqwsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900srv1h_firmwarefastconnect_6900_firmwareqcn6432_firmwareqca6797aq_firmwareqca6574auipq5312_firmwaresa8155p_firmwaresrv1lipq9574qcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformfastconnect_7800_firmwaresa8620pwsa8832qcn6412_firmwareipq5332_firmwaresm8550pipq5332ipq5302_firmwaresrv1m_firmwaresnapdragon_ar2_gen_1_platformqamsrv1m_firmwareimmersive_home_326_platformsm8750qam8650p_firmwareqcc710wcn7860_firmwareqca6595_firmwarewcn7861wcd9395qca6696qca6787aqqca6391_firmwareqcs8550wcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155pqcn6402srv1mssg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwareqam8255pqcn6432ar8035_firmwareSnapdragonqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareqcf8000_firmwaresg8275p_firmwareqcs7230_firmwarear8035_firmwareqca6777aq_firmwareqcn6224_firmwareimmersive_home_326_platform_firmwaresxr1230p_firmwareqcn6402_firmwaresdm429w_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6584au_firmwarewcn3990_firmwareqcn9000_firmwarewcd9335_firmwareqcn9274_firmwareqfw7114_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqca8386_firmwareqamsrv1h_firmwareqca6574_firmwarewcd9340_firmwareqca8084_firmwareqcn5124_firmwarewsa8845_firmwareqam8295p_firmwarewcn3660b_firmwareqca8082_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca6574au_firmwareqca6574a_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwarewcn7861_firmwarewsa8840_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwarewcd9395_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwarewcn7860_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcc710_firmwarevision_intelligence_400_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewsa8830_firmwarewcd9390_firmwarewcn3620_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwaresa8295p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqca6787aq_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-30416
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:07
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-416
Use After Free
CVE-2024-30809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.19%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-27 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

Action-Not Available
Vendor-n/abento4Axiomatic Systems, LLC
Product-bento4n/abento4
CWE ID-CWE-416
Use After Free
CVE-2006-4434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.59% / 91.46%
||
7 Day CHG~0.00%
Published-29 Aug, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Action-Not Available
Vendor-sendmailn/a
Product-sendmailn/a
CWE ID-CWE-416
Use After Free
CVE-2024-26455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 00:00
Updated-12 May, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.

Action-Not Available
Vendor-treasuredatan/afluentd
Product-fluent_bitn/afluentbit
CWE ID-CWE-416
Use After Free
CVE-2024-24990
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.70%
||
7 Day CHG+0.01%
Published-14 Feb, 2024 | 16:30
Updated-08 May, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-nginx_open_sourcenginx_plusNGINX Open SourceNGINX Plus
CWE ID-CWE-416
Use After Free
CVE-2024-24266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.39%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-416
Use After Free
CVE-2024-24263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-12 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.

Action-Not Available
Vendor-chendotjsn/a
Product-lotos_webservern/a
CWE ID-CWE-416
Use After Free
CVE-2017-13711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.55%
||
7 Day CHG~0.00%
Published-01 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-416
Use After Free
CVE-2010-0302
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.29% / 89.63%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectRed Hat, Inc.Apple Inc.
Product-ubuntu_linuxenterprise_linuxfedoraenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopcupsenterprise_linux_eusmac_os_xmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2024-24262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-06 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.

Action-Not Available
Vendor-ireadern/a
Product-media-servern/a
CWE ID-CWE-416
Use After Free
CVE-2009-3553
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.85% / 92.68%
||
7 Day CHG~0.00%
Published-20 Nov, 2009 | 02:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.Fedora ProjectApple Inc.
Product-ubuntu_linuxdebian_linuxcupsfedoramac_os_xenterprise_linuxmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2021-1764
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:55
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2024-10459
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.20%
||
7 Day CHG+0.09%
Published-29 Oct, 2024 | 12:19
Updated-31 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2023-42482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 23.39%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_2200_firmwaren/aexynos_2200
CWE ID-CWE-416
Use After Free
CVE-2023-42459
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:56
Updated-11 Apr, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed DATA submessage leads to bad-free error in Fast-DDS

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-eprosimaeProsima
Product-fast_ddsFast-DDS
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CWE ID-CWE-590
Free of Memory not on the Heap
CVE-2020-7469
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.61%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 11:55
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.

Action-Not Available
Vendor-n/aFreeBSD FoundationNetApp, Inc.
Product-freebsdclustered_data_ontapFreeBSD
CWE ID-CWE-416
Use After Free
CVE-2019-19768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 82.28%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:38
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2019-20006
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 21:55
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.

Action-Not Available
Vendor-ezxml_projectn/a
Product-ezxmln/a
CWE ID-CWE-416
Use After Free
CVE-2023-5728
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 12:47
Updated-13 Feb, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefox ESRFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2019-18408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.93% / 87.85%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 13:37
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.libarchiveDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernellibarchiven/a
CWE ID-CWE-416
Use After Free
CVE-2022-32081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationFedora Project
Product-mariadbfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2023-52266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-30 Dec, 2023 | 00:00
Updated-09 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.

Action-Not Available
Vendor-hongliuliaon/a
Product-ehttpn/a
CWE ID-CWE-416
Use After Free
CVE-2019-1741
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:25
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-416
Use After Free
CVE-2019-17069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.79%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 00:00
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

Action-Not Available
Vendor-puttyn/aNetApp, Inc.openSUSE
Product-oncommand_unified_manager_core_packageputtyleapn/a
CWE ID-CWE-416
Use After Free
CVE-2019-16510
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.44%
||
7 Day CHG~0.00%
Published-19 Sep, 2019 | 15:39
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-416
Use After Free
CVE-2023-4806
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.11% / 77.20%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 16:33
Updated-18 Aug, 2025 | 08:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: potential use-after-free in getaddrinfo()

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Action-Not Available
Vendor-Fedora ProjectGNURed Hat, Inc.
Product-codeready_linux_builder_for_arm64fedoraenterprise_linuxenterprise_linux_eusglibccodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_arm_64_euscodeready_linux_builder_eusenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_s390xenterprise_linux_for_ibm_z_systems_eus_s390xenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_euscodeready_linux_builder_eus_for_power_little_endianenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_power_little_endianenterprise_linux_for_arm_64codeready_linux_builder_for_arm64_eusenterprise_linux_for_ibm_z_systemscodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_tusRed Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support
CWE ID-CWE-416
Use After Free
CVE-2023-4813
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.31% / 53.81%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 21:54
Updated-18 Aug, 2025 | 08:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Action-Not Available
Vendor-Fedora ProjectGNURed Hat, Inc.NetApp, Inc.
Product-h700sfedoraenterprise_linux_eusenterprise_linuxglibch300s_firmwareenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_s390xh410centerprise_linux_for_ibm_z_systems_eus_s390xh700s_firmwareenterprise_linux_server_tusenterprise_linux_for_power_little_endian_eush500sh300senterprise_linux_for_power_little_endianh410sh500s_firmwareh410c_firmwareh410s_firmwareactive_iq_unified_managerRed Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update Support
CWE ID-CWE-416
Use After Free
CVE-2022-27456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.48%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2019-15890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.41%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 16:55
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Action-Not Available
Vendor-libslirp_projectn/aQEMU
Product-libslirpqemun/a
CWE ID-CWE-416
Use After Free
CVE-2023-34494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.06%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-416
Use After Free
CVE-2024-5702
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-04 Apr, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbirdfirefoxthunderbirdfirefox_esr
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found