VariantStableTop 25 #8
CWE-416Use After Free
Category: memory
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Common consequences· 4
- Integrity — Modify MemoryThe use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere.
- Availability — DoS: Crash, Exit, or RestartIf chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.
- Confidentiality — Read MemoryRead operations on freed memory can sometimes leak sensitive information instead of causing a crash
- Integrity / Confidentiality / Availability — Execute Unauthorized Code or CommandsIf malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code. If the newly allocated data happens to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.
Potential mitigations· 2
- [Architecture and Design]Choose a language that provides automatic memory management.
- [Implementation]When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
References
(incoming)150
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0074cve-2025-0074 | 0% | live |
| Vulnerability | CVE-2025-0075cve-2025-0075 | 0% | live |
| Vulnerability | CVE-2025-0084cve-2025-0084 | 0% | live |
| Vulnerability | CVE-2025-0151cve-2025-0151 | 0% | live |
| Vulnerability | CVE-2025-0634cve-2025-0634 | 0% | live |
| Vulnerability | CVE-2025-0762cve-2025-0762 | 0% | live |
| Vulnerability | CVE-2025-0899cve-2025-0899 | 0% | live |
| Vulnerability | CVE-2025-0995cve-2025-0995 | 0% | live |
| Vulnerability | CVE-2025-0997cve-2025-0997 | 0% | live |
| Vulnerability | CVE-2025-1006cve-2025-1006 | 0% | live |
| Vulnerability | CVE-2025-1009cve-2025-1009 | 0% | live |
| Vulnerability | CVE-2025-1010cve-2025-1010 | 0% | live |
| Vulnerability | CVE-2025-10200cve-2025-10200 | 0% | live |
| Vulnerability | CVE-2025-1048cve-2025-1048 | 0% | live |
| Vulnerability | CVE-2025-10500cve-2025-10500 | 0% | live |
| Vulnerability | CVE-2025-10501cve-2025-10501 | 0% | live |
| Vulnerability | CVE-2025-11460cve-2025-11460 | 0% | live |
| Vulnerability | CVE-2025-11708cve-2025-11708 | 0% | live |
| Vulnerability | CVE-2025-11719cve-2025-11719 | 0% | live |
| Vulnerability | CVE-2025-11756cve-2025-11756 | 0% | live |
| Vulnerability | CVE-2025-12380cve-2025-12380 | 0% | live |
| Vulnerability | CVE-2025-12438cve-2025-12438 | 0% | live |
| Vulnerability | CVE-2025-1290cve-2025-1290 | 0% | live |
| Vulnerability | CVE-2025-13014cve-2025-13014 | 0% | live |
| Vulnerability | CVE-2025-13020cve-2025-13020 | 0% | live |
| Vulnerability | CVE-2025-13633cve-2025-13633 | 0% | live |
| Vulnerability | CVE-2025-13638cve-2025-13638 | 0% | live |
| Vulnerability | CVE-2025-13952cve-2025-13952 | 0% | live |
| Vulnerability | CVE-2025-14321cve-2025-14321 | 0% | live |
| Vulnerability | CVE-2025-14326cve-2025-14326 | 0% | live |
Showing top 30 of 150 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.