Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-4741

Summary
Assigner-openssl
Assigner Org ID-3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At-13 Nov, 2024 | 10:20
Updated At-13 Nov, 2024 | 14:49
Rejected At-
Credits

Use After Free with SSL_free_buffers

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:openssl
Assigner Org ID:3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At:13 Nov, 2024 | 10:20
Updated At:13 Nov, 2024 | 14:49
Rejected At:
▼CVE Numbering Authority (CNA)
Use After Free with SSL_free_buffers

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Affected Products
Vendor
OpenSSLOpenSSL
Product
OpenSSL
Default Status
unaffected
Versions
Affected
  • From 3.3.0 before 3.3.1 (semver)
  • From 3.2.0 before 3.2.2 (semver)
  • From 3.1.0 before 3.1.6 (semver)
  • From 3.0.0 before 3.0.14 (semver)
  • From 1.1.1 before 1.1.1y (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
https://www.openssl.org/policies/secpolicy.html
text:
Low
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
William Ahern (Akamai)
remediation developer
Matt Caswell
remediation developer
Watson Ladd (Akamai)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.openssl.org/news/secadv/20240528.txt
vendor-advisory
https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
patch
https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
patch
https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
patch
https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
patch
https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
patch
Hyperlink: https://www.openssl.org/news/secadv/20240528.txt
Resource:
vendor-advisory
Hyperlink: https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
Resource:
patch
Hyperlink: https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
Resource:
patch
Hyperlink: https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
Resource:
patch
Hyperlink: https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
Resource:
patch
Hyperlink: https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
OpenSSLopenssl
Product
openssl
CPEs
  • cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 1.1.1 before 1.1.1y (semver)
  • From 3.0.0 before 3.0.14 (semver)
  • From 3.1.0 before 3.1.6 (semver)
  • From 3.2.0 before 3.2.2 (semver)
  • From 3.3.0 before 3.3.1 (semver)
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:openssl-security@openssl.org
Published At:13 Nov, 2024 | 11:15
Updated At:13 Nov, 2024 | 17:01

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-416Secondaryopenssl-security@openssl.org
CWE ID: CWE-416
Type: Secondary
Source: openssl-security@openssl.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177openssl-security@openssl.org
N/A
https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437dopenssl-security@openssl.org
N/A
https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aacopenssl-security@openssl.org
N/A
https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8openssl-security@openssl.org
N/A
https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4openssl-security@openssl.org
N/A
https://www.openssl.org/news/secadv/20240528.txtopenssl-security@openssl.org
N/A
Hyperlink: https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.openssl.org/news/secadv/20240528.txt
Source: openssl-security@openssl.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

167Records found
CVE-2021-45720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:45
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.

Action-Not Available
Vendor-lru_projectn/a
Product-lrun/a
CWE ID-CWE-416
Use After Free
CVE-2021-45716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:46
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.

Action-Not Available
Vendor-rusqlite_projectn/a
Product-rusqliten/a
CWE ID-CWE-416
Use After Free
CVE-2024-33069
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 12:58
Updated-16 Oct, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwareqca6777aqsw5100pqca6554afastconnect_6800qca6595qca6431_firmwareqca6564ausnapdragon_865_5g_mobile_platformqca6777aq_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresa8530p_firmwarewsa8835qca6574sa8540p_firmwarewcd9380qca6595au_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwareqca6574aqca6426qca6584au_firmwarewcn3980qcc2076_firmwaresa8530pqca6554a_firmwarewcd9385_firmwareqam8295pqcc2073_firmwaresa9000pqca6574_firmwarewsa8815qca6688aqqam8295p_firmwareqca6426_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574a_firmwareqca6574au_firmwareqca6595auwcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6391qca6436_firmwaresa8295pqca6421_firmwarefastconnect_7800qca6564au_firmwareqca6584auqca6678aq_firmwareqca6678aqqca6698aqfastconnect_6900snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)fastconnect_6900_firmwarewcn3988_firmwareqca6797aq_firmwareqca6574auqca6421snapdragon_870_5g_mobile_platform_\(sm8250-ac\)wsa8810_firmwarefastconnect_7800_firmwaresw5100wsa8810qca6436sw5100p_firmwaresa8540pqca6698aq_firmwarewcd9385qca6431qca6696_firmwareqca6595_firmwareqca6696qca6787aqqca6391_firmwareqca6797aqwsa8830_firmwareqcc2076wsa8815_firmwarewcn3988wsa8835_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresa8295p_firmwareqcc2073qca6688aq_firmwareqca6787aq_firmwareSnapdragonqca6564au_firmwarewcd9380_firmwareqca6678aq_firmwareqca6431_firmwarefastconnect_6900_firmwareqca6777aq_firmwareqca6797aq_firmwaresa8530p_firmwarewcn3988_firmwaresa8540p_firmwarewsa8810_firmwarefastconnect_7800_firmwareqca6595au_firmwaresw5100p_firmwareqca6698aq_firmwareqca6584au_firmwareqca6696_firmwareqca6595_firmwareqcc2076_firmwareqca6554a_firmwareqca6391_firmwarewcd9385_firmwareqcc2073_firmwareqca6574_firmwarewsa8830_firmwareqam8295p_firmwareqca6426_firmwarewsa8815_firmwaresa9000p_firmwareqca6574a_firmwarewsa8835_firmwareqca6574au_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresa8295p_firmwarewcn3980_firmwareqca6436_firmwareqca6688aq_firmwareqca6787aq_firmwareqca6421_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-33010
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.53%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresnapdragon_8_gen_1_mobile_platformsa6150p_firmwareqcs610ipq4028_firmwareqca8337qfw7124sg8275p_firmwarear9380ipq8173_firmwareqam8775pqcf8001qamsrv1msnapdragon_888_5g_mobile_platformqcn5124qca4024_firmwarewsa8840wcn3950_firmwareimmersive_home_318_platform_firmwareqxm8083ipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc3_platformcsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqep8111_firmwareqca6554a_firmwareqam8295pwcn3950qcn6024_firmwareipq8076amdm9628immersive_home_316_platform_firmwareqca8386_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresnapdragon_460_mobile_platformqca6688aqqcn6412sm7315_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5164_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca9367_firmwareipq8065ipq8078a_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwareqrb5165m_firmwareipq5028qca7500ipq4029_firmwareqca6698aqqcs6125sa4155p_firmwareqcf8001_firmwarewsa8840_firmwareipq6010ipq8068sa7775p_firmwaresdx65mwcd9340snapdragon_8\+_gen_1_mobile_platformqcn6432qcn6132snapdragon_780g_5g_mobile_platformsw5100sa6155pqcf8000qca6698aq_firmwaresxr2250pipq5312snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)snapdragon_auto_5g_modem-rf_gen_2_firmwareqca9888_firmwareqcn6122wcd9341qam8775p_firmwareipq8068_firmwareqca6696_firmwaresa8255pipq9008_firmwareqcn5154_firmwareqca6797aqsa8150pqcc710_firmwarerobotics_rb5_platformwsa8830_firmwareqca9992_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988snapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwareqcn5022_firmwareqca9898sa8295p_firmwareipq4028immersive_home_216_platform_firmwaresa8770pqca9985_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)ipq4018_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwaressg2125pwcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresw5100pipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformipq8078qca8084qcm8550ipq8173qca6564auipq9008qcn5164qca6574qcn6402_firmwarecsr8811_firmwaresnapdragon_7c\+_gen_3_computewcd9380snapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700ipq9554_firmwareqcs410snapdragon_782g_mobile_platform_\(sm7325-af\)qcn5024ipq4019_firmwaresxr1230psnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarevideo_collaboration_vc3_platform_firmwaresg8275pqca9985qcn9012_firmwaresm6370_firmwareqcn9274_firmwareqcn5052_firmwareqfw7114_firmwarewcd9335_firmwarewcn3980wsa8845qcc2073_firmwareipq6018_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815qcn6112snapdragon_4_gen_1_mobile_platformqxm8083_firmwareqcs8250qca9984ipq6028ipq8064snapdragon_x62_5g_modem-rf_system_firmwareqcn9024ipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq5302ipq8064_firmwaresa8295pwcn6740_firmwareqcs4490_firmwareqca6678aqsnapdragon_x65_5g_modem-rf_systemipq8078_firmwaresa8650p_firmwarefastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqca9994qca6797aq_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresrv1lqca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwaresa7255p_firmwareqca9880snapdragon_8\+_gen_2_mobile_platformsa8620pwsa8832qcn6412_firmwaresw5100p_firmwaresa8540pqcs610_firmwareipq5332ipq5302_firmwareqamsrv1m_firmwareimmersive_home_326_platformqcm5430sa6145pipq6018qca9886_firmwareqcc710immersive_home_214_platformqcs4490qca6595_firmwaresa8145pwcd9395qcs5430_firmwareqca6391_firmwaresa4150p_firmwareimmersive_home_214_platform_firmwareqca4024wcd9370_firmwaresm8550p_firmwaresdx55sd888_firmwareqcn6402sa8155pcsra6640snapdragon_695_5g_mobile_platformvideo_collaboration_vc1_platformsrv1mssg2115p_firmwareqam8620p_firmwareqfw7124_firmwareqam8255psa4155pqep8111snapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarear8035_firmwareqcn5024_firmwaretalynplus_firmwarewsa8830snapdragon_662_mobile_platform_firmwareqcn9070sxr2230p_firmwaresa8145p_firmwareqam8650pmdm9628_firmwareflight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwareqcn6224_firmwareqca8082qcn9072qca8386qca9880_firmwareqca9992srv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq6000wcd9370ssg2115pqcn5152_firmwareqca6584au_firmwarewcn3990_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platformqca9984_firmwareqca9377qcn9000_firmwareqcn9160ipq9554qamsrv1hsa8530pwcd9385_firmwareimmersive_home_216_platformfastconnect_6200talynplusqamsrv1h_firmwareimmersive_home_316_platformipq8074aimmersive_home_318_platformqcn5124_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwareqcn5122_firmwaresa7255psdx55_firmwaresnapdragon_4_gen_2_mobile_platformqcn6023_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114wsa8845h_firmwaresnapdragon_778g_5g_mobile_platformqca6595ausnapdragon_680_4g_mobile_platform_firmwareqrb5165nsnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwareqca6584ausa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274snapdragon_x72_5g_modem-rf_systemsa8775p_firmwareipq8174qca9990qcs6490qcn5052qca9367video_collaboration_vc5_platformqcs8550_firmwareqcn6112_firmwarewcn3988_firmwareqcn9074srv1hsa6145p_firmwareqca8085fastconnect_6700_firmwaresa8195pwsa8810_firmwareqcn6224vision_intelligence_400_platformwsa8845hsnapdragon_x62_5g_modem-rf_systemwcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresg4150pqcs7230qca8081snapdragon_x35_5g_modem-rf_systemsnapdragon_auto_5g_modem-rf_gen_2qcm4490qcn6023ipq8071asa7775psdx65m_firmwareqam8620pqca6174a_firmwaresa8770p_firmwareqca8085_firmwareipq5300ipq8071a_firmwareqcs5430immersive_home_3210_platformwcd9385qcs6490_firmwareqca9898_firmwarewcd9375ar8035csr8811ipq4019wcd9390qcn9100_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformipq5010_firmwareipq8074a_firmwarewsa8815_firmwareqcm6490wsa8835_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwareqca6564asa4150psnapdragon_8_gen_2_mobile_platform_firmwaresg4150p_firmwareqcm6125_firmwareqca6688aq_firmwareqcm4325robotics_rb5_platform_firmwarewcn3990qcn9000qcf8000_firmwareqca6554aqca6595ar9380_firmwareqcs7230_firmwareqcn9012sd888sa8530p_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwarewsa8835sa8540p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresnapdragon_auto_5g_modem-rfqcn6274sd_8_gen1_5gsnapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwareqcn6422snapdragon_4_gen_1_mobile_platform_firmwareqcn5154qca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresmart_audio_400_platformipq4018qca6574aqca9889qca6174asm7325pqcn6132_firmwareqca9888qca9994_firmwareqcc2076_firmwareipq8070a_firmwareipq8076_firmwaresa8650psa9000pqca6574_firmwareqca9886sm7325p_firmwaresxr2230pipq8076wsa8845_firmwareqcn9160_firmwareqca6175aqca6574a_firmwaresa8775pfastconnect_6200_firmwareqcn5152qrb5165msm7315qca6391snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)fastconnect_7800qcn9100snapdragon_x35_5g_modem-rf_system_firmwareqcm4490_firmwareqcn6274_firmwareqcm6490_firmwareipq5300_firmwarewsa8832_firmwareqcn9070_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqcn9011video_collaboration_vc1_platform_firmwareqcn6432_firmwareipq5312_firmwareqca6574ausnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwareqca9889_firmwaresa8155p_firmwareqcn5122ipq9574qcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm6125wsa8810ipq5332_firmwaresm8550psnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsm6370srv1m_firmwaresnapdragon_ar2_gen_1_platformqcn5022qam8650p_firmwareipq6010_firmwarewcn6740qca6696qcs8550sa6150pqca8075snapdragon_8_gen_3_mobile_platform_firmwareqcn9022_firmwareqcn6024qcn9022wcd9390_firmwareqcc2076qca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareipq4029qcc2073qca6175a_firmwareSnapdragonqcn5024_firmwareqam8255p_firmwareqca9377_firmwaretalynplus_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwareipq4028_firmwaresg8275p_firmwareipq8173_firmwaremdm9628_firmwareflight_rb5_5g_platform_firmwareqcn6224_firmwareqca4024_firmwareqca9880_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresrv1l_firmwaresnapdragon_888_5g_mobile_platform_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwarecsra6620_firmwarecsra6640_firmwareqcm5430_firmwareqcn5152_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwarewcn3990_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareimmersive_home_316_platform_firmwareqamsrv1h_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqcn5124_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa9000p_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqcn6422_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwaresnapdragon_695_5g_mobile_platform_firmwarewcd9375_firmwarewsa8845h_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca9367_firmwaresnapdragon_auto_5g_modem-rf_firmwareqcm8550_firmwareipq8078a_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6678aq_firmwaresmart_audio_400_platform_firmwaresa8775p_firmwareqrb5165m_firmwarewsa8840_firmwareipq4029_firmwaresa4155p_firmwareqcf8001_firmwareqcs8550_firmwareqcn6112_firmwarewcn3988_firmwaresa6145p_firmwaresa7775p_firmwarefastconnect_6700_firmwarewsa8810_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwareqca6698aq_firmwaresdx65m_firmwareqca6174a_firmwareipq8071a_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwareipq8068_firmwareqca9888_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwareipq9008_firmwareqcn5154_firmwareqca9898_firmwareqcc710_firmwareqcn9100_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwareqca9992_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwareqcn5022_firmwaresa8295p_firmwaresxr2250p_firmwareimmersive_home_216_platform_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqcm6125_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca9985_firmwarerobotics_rb5_platform_firmwareipq4018_firmwareqca8337_firmwaresnapdragon_778g_5g_mobile_platform_firmwarewcd9380_firmwareqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareqcs7230_firmwaresa8530p_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwaresxr1230p_firmwareqcn6402_firmwaresa8540p_firmwarecsr8811_firmwareipq9554_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwareipq4019_firmwaressg2125p_firmwareqcn6132_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcc2076_firmwareipq8070a_firmwareqcn9274_firmwareqfw7114_firmwaresm6370_firmwarewcd9335_firmwareqcc2073_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm7325p_firmwarewsa8845_firmwareqcn9160_firmwareqxm8083_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_x62_5g_modem-rf_system_firmwareipq9574_firmwarewcn3980_firmwareimmersive_home_3210_platform_firmwareipq8064_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqcn6274_firmwareqcs4490_firmwareipq5300_firmwareqcm6490_firmwareipq8078_firmwaresa8650p_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarefastconnect_6900_firmwaresrv1h_firmwareipq6028_firmwareipq8072a_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwareqca9889_firmwaresa8155p_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcn6412_firmwaresw5100p_firmwareipq5332_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareipq5302_firmwareqamsrv1m_firmwaresrv1m_firmwareqca9886_firmwareqam8650p_firmwareipq6010_firmwareqca6595_firmwareqcs5430_firmwareqca6391_firmwareimmersive_home_214_platform_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresd888_firmwareqcn9022_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwareqca9990_firmwareqcn9072_firmwareipq6000_firmwaressg2115p_firmwaresw5100_firmwareqcn9074_firmwareqam8620p_firmwareqcs410_firmwareqfw7124_firmwareqca6175a_firmwarear8035_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-33068
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.45%
||
7 Day CHG+0.02%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host Communication

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qca6777aqsxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwareqcf8001qam8775pqamsrv1mqca6777aq_firmwareqcn6224_firmwareqcn5124wsa8840qca8082qca8386srv1l_firmwarewcn6755_firmwareqca6595au_firmwarevideo_collaboration_vc3_platformwcd9370ssg2115pqca6584au_firmwarewcn3990_firmwaresnapdragon_8_gen_2_mobile_platformqcn9000_firmwareqamsrv1hqca6554a_firmwarewcd9385_firmwareqam8295pwcn7881_firmwareqca8386_firmwareqamsrv1h_firmwarewcn3660bqca8084_firmwareqcn6412qcn5124_firmwareqca6688aqqam8295p_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca8082_firmwareqca6574au_firmwaresa7255pqcn6422_firmwarewsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595ausnapdragon_429_mobile_platformwcn7860qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274wcn7881snapdragon_x72_5g_modem-rf_systemqca6678aq_firmwaresa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqvideo_collaboration_vc5_platformqcf8001_firmwareqcs8550_firmwaresm8635wcn7880_firmwaresrv1hqcn9074qca8085sdx65msa7775p_firmwarewcd9340sa8195pqcn6224vision_intelligence_400_platformwsa8845hwcn6755wcd9395_firmwarewcd9335snapdragon_x75_5g_modem-rf_systemsnapdragon_ar2_gen_1_platform_firmwaresm8750p_firmwaresm8750_firmwaresa8255p_firmwaresa6155pqcs7230snapdragon_auto_5g_modem-rf_gen_2qcf8000sdx65m_firmwaresa7775psxr2250pqca8081qca6698aq_firmwareqam8620pwcd9385wcd9341snapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwaresa8255pqca8085_firmwareqca6696_firmwareqcs6490_firmwareqam8775p_firmwareimmersive_home_3210_platformipq9008_firmwareqca6797aqar8035wcd9375wcd9390vision_intelligence_400_platform_firmwareqcc710_firmwarewsa8830_firmwarewcn3620_firmwarewsa8835_firmwarewcn3620sa8195p_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwaresa8295p_firmwarewcn7880snapdragon_8_gen_2_mobile_platform_firmwaresa8770pqca6787aq_firmwareqca6688aq_firmwarewcd9380_firmwareqca8337_firmwaressg2125pwcn3990qcn9000sdm429wqcf8000_firmwareqca6554aqca6595qca8084qcm8550qca6564auqcs7230_firmwareipq9008immersive_home_326_platform_firmwarewsa8835qca6574sxr1230p_firmwaresdm429w_firmwareqcn6402_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380qcn6274qcn6422snapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6574asxr1230pvideo_collaboration_vc3_platform_firmwaresg8275pwcd9335_firmwareqfw7114_firmwareqcn9274_firmwarewsa8845ipq5312sa8650psa9000pqca6574_firmwarewcd9340_firmwaresxr2230pwsa8845_firmwareqcs8250wcn3660b_firmwaresm8750psa8775pqca6574a_firmwareqcn9024ipq9574_firmwareqca6391immersive_home_3210_platform_firmwareipq5302sa8295pfastconnect_7800qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemwcn7861_firmwareqca6678aqwsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900srv1h_firmwarefastconnect_6900_firmwareqcn6432_firmwareqca6797aq_firmwareqca6574auipq5312_firmwaresa8155p_firmwaresrv1lipq9574qcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformfastconnect_7800_firmwaresa8620pwsa8832qcn6412_firmwareipq5332_firmwaresm8550pipq5332ipq5302_firmwaresrv1m_firmwaresnapdragon_ar2_gen_1_platformqamsrv1m_firmwareimmersive_home_326_platformsm8750qam8650p_firmwareqcc710wcn7860_firmwareqca6595_firmwarewcn7861wcd9395qca6696qca6787aqqca6391_firmwareqcs8550wcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155pqcn6402srv1mssg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwareqam8255pqcn6432ar8035_firmwareSnapdragonqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareqcf8000_firmwaresg8275p_firmwareqcs7230_firmwarear8035_firmwareqca6777aq_firmwareqcn6224_firmwareimmersive_home_326_platform_firmwaresxr1230p_firmwareqcn6402_firmwaresdm429w_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6584au_firmwarewcn3990_firmwareqcn9000_firmwarewcd9335_firmwareqcn9274_firmwareqfw7114_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqca8386_firmwareqamsrv1h_firmwareqca6574_firmwarewcd9340_firmwareqca8084_firmwareqcn5124_firmwarewsa8845_firmwareqam8295p_firmwarewcn3660b_firmwareqca8082_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca6574au_firmwareqca6574a_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwarewcn7861_firmwarewsa8840_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwarewcd9395_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwarewcn7860_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcc710_firmwarevision_intelligence_400_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewsa8830_firmwarewcd9390_firmwarewcn3620_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwaresa8295p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqca6787aq_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-30416
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:07
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-416
Use After Free
CVE-2024-30809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.19%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-27 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.

Action-Not Available
Vendor-n/abento4Axiomatic Systems, LLC
Product-bento4n/abento4
CWE ID-CWE-416
Use After Free
CVE-2006-4434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.59% / 91.46%
||
7 Day CHG~0.00%
Published-29 Aug, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Action-Not Available
Vendor-sendmailn/a
Product-sendmailn/a
CWE ID-CWE-416
Use After Free
CVE-2024-26455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 00:00
Updated-12 May, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.

Action-Not Available
Vendor-treasuredatan/afluentd
Product-fluent_bitn/afluentbit
CWE ID-CWE-416
Use After Free
CVE-2024-24990
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.70%
||
7 Day CHG+0.01%
Published-14 Feb, 2024 | 16:30
Updated-08 May, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-nginx_open_sourcenginx_plusNGINX Open SourceNGINX Plus
CWE ID-CWE-416
Use After Free
CVE-2024-24266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.39%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-416
Use After Free
CVE-2024-24263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-12 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.

Action-Not Available
Vendor-chendotjsn/a
Product-lotos_webservern/a
CWE ID-CWE-416
Use After Free
CVE-2017-13711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.55%
||
7 Day CHG~0.00%
Published-01 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-416
Use After Free
CVE-2010-0302
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.29% / 89.63%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectRed Hat, Inc.Apple Inc.
Product-ubuntu_linuxenterprise_linuxfedoraenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopcupsenterprise_linux_eusmac_os_xmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2024-24262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-06 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.

Action-Not Available
Vendor-ireadern/a
Product-media-servern/a
CWE ID-CWE-416
Use After Free
CVE-2009-3553
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.85% / 92.68%
||
7 Day CHG~0.00%
Published-20 Nov, 2009 | 02:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.Fedora ProjectApple Inc.
Product-ubuntu_linuxdebian_linuxcupsfedoramac_os_xenterprise_linuxmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2021-1764
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:55
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2024-10459
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.20%
||
7 Day CHG+0.09%
Published-29 Oct, 2024 | 12:19
Updated-31 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2023-42482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 23.39%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_2200_firmwaren/aexynos_2200
CWE ID-CWE-416
Use After Free
CVE-2023-42459
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:56
Updated-11 Apr, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed DATA submessage leads to bad-free error in Fast-DDS

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-eprosimaeProsima
Product-fast_ddsFast-DDS
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CWE ID-CWE-590
Free of Memory not on the Heap
CVE-2020-7469
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.61%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 11:55
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.

Action-Not Available
Vendor-n/aFreeBSD FoundationNetApp, Inc.
Product-freebsdclustered_data_ontapFreeBSD
CWE ID-CWE-416
Use After Free
CVE-2019-19768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 82.28%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:38
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2019-20006
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 21:55
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.

Action-Not Available
Vendor-ezxml_projectn/a
Product-ezxmln/a
CWE ID-CWE-416
Use After Free
CVE-2023-5728
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 12:47
Updated-13 Feb, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefox ESRFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2019-18408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.93% / 87.85%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 13:37
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.libarchiveDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernellibarchiven/a
CWE ID-CWE-416
Use After Free
CVE-2022-32081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.89%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationFedora Project
Product-mariadbfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2023-52266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-30 Dec, 2023 | 00:00
Updated-09 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.

Action-Not Available
Vendor-hongliuliaon/a
Product-ehttpn/a
CWE ID-CWE-416
Use After Free
CVE-2019-1741
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:25
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-416
Use After Free
CVE-2019-17069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.79%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 00:00
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

Action-Not Available
Vendor-puttyn/aNetApp, Inc.openSUSE
Product-oncommand_unified_manager_core_packageputtyleapn/a
CWE ID-CWE-416
Use After Free
CVE-2019-16510
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.44%
||
7 Day CHG~0.00%
Published-19 Sep, 2019 | 15:39
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.

Action-Not Available
Vendor-mz-automationn/a
Product-libiec61850n/a
CWE ID-CWE-416
Use After Free
CVE-2022-27456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.48%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 12:57
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/Linux
Product-debian_linuxmariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2023-35943
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:26
Updated-24 Oct, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy vulnerable to CORS filter segfault when origin header is removed

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-416
Use After Free
CVE-2019-15890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.41%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 16:55
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Action-Not Available
Vendor-libslirp_projectn/aQEMU
Product-libslirpqemun/a
CWE ID-CWE-416
Use After Free
CVE-2023-34494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.06%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-416
Use After Free
CVE-2024-5702
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-04 Apr, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbirdfirefoxthunderbirdfirefox_esr
CWE ID-CWE-416
Use After Free
CVE-2019-11810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.98%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 13:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-49288
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-3.25% / 86.61%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:49
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in HTTP Collapsed Forwarding in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-416
Use After Free
CVE-2023-2912
Matching Score-4
Assigner-Secomea A/S
ShareView Details
Matching Score-4
Assigner-Secomea A/S
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.41%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 12:31
Updated-22 Oct, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiteManager Embedded service disruption

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.

Action-Not Available
Vendor-Secomea A/S
Product-sitemanager_embeddedSiteManager Embedded
CWE ID-CWE-416
Use After Free
CVE-2023-52115
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.80%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:22
Updated-13 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2025-54635
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 2.25%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:30
Updated-11 Aug, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of returning released pointers in the distributed notification service. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2024-32974
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 2.10%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 21:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-416
Use After Free
CVE-2018-25028
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.06%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:54
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.

Action-Not Available
Vendor-libpulse-binding_projectn/a
Product-libpulse-bindingn/a
CWE ID-CWE-416
Use After Free
CVE-2025-52946
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.06% / 17.61%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 14:39
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: With traceoptions enabled, receipt of malformed AS PATH causes RPD crash

A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, resulting in a Denial of Service (DoS). Continuous receipt of the malformed AS PATH attribute will cause a sustained DoS condition. On all Junos OS and Junos OS Evolved platforms, the rpd process will crash and restart when a specifically malformed AS PATH is received within a BGP update and traceoptions are enabled. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not impacted by this issue. This issue affects:  Junos OS: * All versions before 21.2R3-S9,  * all versions of 21.4, * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO. This is a more complete fix for previously published CVE-2024-39549 (JSA83011).

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-Junos OSJunos OS Evolved
CWE ID-CWE-416
Use After Free
CVE-2024-27284
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.99%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 15:46
Updated-01 Apr, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cassandra-rs non-idiomatic use of iterators leads to use after free

cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.

Action-Not Available
Vendor-cassandra-rs_projectMetaswitchcassandra-rs
Product-cassandra-rscassandra-rscassandra-rs
CWE ID-CWE-416
Use After Free
CVE-2022-48340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.56%
||
7 Day CHG-0.02%
Published-21 Feb, 2023 | 00:00
Updated-14 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

Action-Not Available
Vendor-glustern/a
Product-glusterfsn/a
CWE ID-CWE-416
Use After Free
CVE-2022-44547
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2022-44550
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.13%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2024-23322
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.72%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 22:51
Updated-01 Aug, 2024 | 22:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy crashes when idle and request per try timeout occur within the backoff interval

Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-416
Use After Free
CVE-2024-24260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-26 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.

Action-Not Available
Vendor-ireadern/amedia-server_project
Product-media-servern/amedia-server
CWE ID-CWE-416
Use After Free
CVE-2022-45407
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.64%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found