Cwe 416

🧬 CWE Related 99

slug: cwe-416

Explanation

CWE-416は「メモリを解放した後にそのメモリを使ってしまう」欠陥です。 C/C++のような手動メモリ管理言語で頻発し、攻撃者はこれを利用して任意のコードを実行できることが多いです。ブラウザのJavaScriptエンジン (V8, JavaScriptCore) でよく見つかり、ブラウザ経由のゼロデイ攻撃の典型的な原因となります。

📌 Example

Pwn2Own (年次ハッキングコンテスト) で、毎年ブラウザに対するUse-After-Free 攻撃が成功し、賞金10万ドル超を獲得する事例が続いています。

🔗 Related links

MITRE CWE-416 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 100

ID	Title	Severity	Detected
CVE-2012-4792 KEV	[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2012-4792)	High	1 year ago
CVE-2022-2586 KEV	[KEV] Use-After-Free in Linux kernel (CVE-2022-2586)	High	1 year ago
CVE-2024-4610 KEV	[KEV] Use-After-Free in Arm mali-gpu-kernel-driver (CVE-2024-4610)	High	1 year ago
CVE-2024-1086 KEV	[KEV] Use-After-Free in Linux kernel (CVE-2024-1086)	High	1 year ago
CVE-2024-4671 KEV	[KEV] Use-After-Free in Google chromium (CVE-2024-4671)	High	1 year ago
CVE-2023-33063 KEV	[KEV] Use-After-Free in Qualcomm multiple-chipsets (CVE-2023-33063)	High	2 years ago
CVE-2022-22071 KEV	[KEV] Use-After-Free in Qualcomm multiple-chipsets (CVE-2022-22071)	High	2 years ago
CVE-2023-21608 KEV	[KEV] Use-After-Free in Adobe acrobat-and-reader (CVE-2023-21608)	High	2 years ago
CVE-2023-4211 KEV	[KEV] Use-After-Free in Arm mali-gpu-kernel-driver (CVE-2023-4211)	High	2 years ago
CVE-2023-36802 KEV	[KEV] Use-After-Free in Microsoft streaming-service-proxy (CVE-2023-36802)	High	2 years ago
CVE-2021-29256 KEV	[KEV] Use-After-Free in Arm mali-graphics-processing-unit-gpu (CVE-2021-29256)	High	2 years ago
CVE-2021-25394 KEV	[KEV] Use-After-Free in Samsung mobile-devices (CVE-2021-25394)	High	2 years ago
CVE-2016-9079 KEV	[KEV] Use-After-Free in Mozilla firefox (CVE-2016-9079)	High	2 years ago
CVE-2023-32373 KEV	[KEV] Use-After-Free in Apple multiple-products (CVE-2023-32373)	High	2 years ago
CVE-2023-29336 KEV	[KEV] Use-After-Free in Microsoft win32k (CVE-2023-29336)	High	3 years ago
CVE-2019-8526 KEV	[KEV] Use-After-Free in Apple macos (CVE-2019-8526)	High	3 years ago
CVE-2023-28205 KEV	[KEV] Use-After-Free in Apple multiple-products (CVE-2023-28205)	High	3 years ago
CVE-2022-38181 KEV	[KEV] Use-After-Free in Arm mali-graphics-processing-unit-gpu (CVE-2022-38181)	High	3 years ago
CVE-2023-0266 KEV	[KEV] Use-After-Free in Linux kernel (CVE-2023-0266)	High	3 years ago
CVE-2022-3038 KEV	[KEV] Use-After-Free in Google chromium-network-service (CVE-2022-3038)	High	3 years ago
CVE-2023-21674 KEV	[KEV] Use-After-Free in Microsoft windows (CVE-2023-21674)	High	3 years ago
CVE-2021-25370 KEV	[KEV] Use-After-Free in Samsung mobile-devices (CVE-2021-25370)	High	3 years ago
CVE-2019-8605 KEV	[KEV] Use-After-Free in Apple multiple-products (CVE-2019-8605)	High	3 years ago
CVE-2016-0984 KEV	[KEV] Use-After-Free in Adobe flash-player-and-air (CVE-2016-0984)	High	3 years ago
CVE-2021-1048 KEV	[KEV] Use-After-Free in Android kernel (CVE-2021-1048)	High	3 years ago
CVE-2021-0920 KEV	[KEV] Vulnerability in Android kernel (CVE-2021-0920)	High	3 years ago
CVE-2019-5786 KEV	[KEV] Use-After-Free in Google chrome-blink (CVE-2019-5786)	High	3 years ago
CVE-2019-13720 KEV	[KEV] Use-After-Free in Google chrome-webaudio (CVE-2019-13720)	High	3 years ago
CVE-2014-0322 KEV	[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2014-0322)	High	4 years ago
CVE-2015-5123 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2015-5123)	High	4 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →