Cwe 416

🧬 CWE Related 99

slug: cwe-416

Explanation

CWE-416は「メモリを解放した後にそのメモリを使ってしまう」欠陥です。 C/C++のような手動メモリ管理言語で頻発し、攻撃者はこれを利用して任意のコードを実行できることが多いです。ブラウザのJavaScriptエンジン (V8, JavaScriptCore) でよく見つかり、ブラウザ経由のゼロデイ攻撃の典型的な原因となります。

📌 Example

Pwn2Own (年次ハッキングコンテスト) で、毎年ブラウザに対するUse-After-Free 攻撃が成功し、賞金10万ドル超を獲得する事例が続いています。

🔗 Related links

MITRE CWE-416 公式ページ ↗

🔖 Related tags

Cwe 20125 Cwe 78120 Cwe 787105 Cwe 2296 Cwe 11990 Cwe 9484 Cwe 50270 Cwe 7966 Cwe 8954 Cwe 91844 Cwe 28443 Cwe 28741 Cwe 7740 Cwe 30638 Cwe 84337

🛡 Vulnerabilities tagged with this 100

ID	Title	Severity	Detected
CVE-2015-5122 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2015-5122)	High	4 years ago
CVE-2015-0313 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2015-0313)	High	4 years ago
CVE-2021-31166 KEV	[KEV] Use-After-Free in Microsoft http-protocol-stack (CVE-2021-31166)	High	4 years ago
CVE-2013-2551 KEV	[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2013-2551)	High	4 years ago
CVE-2021-34486 KEV	[KEV] Use-After-Free in Microsoft windows (CVE-2021-34486)	High	4 years ago
CVE-2016-7892 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2016-7892)	High	4 years ago
CVE-2022-26486 KEV	[KEV] Use-After-Free in Mozilla firefox (CVE-2022-26486)	High	4 years ago
CVE-2022-26485 KEV	[KEV] Use-After-Free in Mozilla firefox (CVE-2022-26485)	High	4 years ago
CVE-2017-0261 KEV	[KEV] Use-After-Free in Microsoft office (CVE-2017-0261)	High	4 years ago
CVE-2016-7855 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2016-7855)	High	4 years ago
CVE-2022-0609 KEV	[KEV] Use-After-Free in Google chromium-animation (CVE-2022-0609)	High	4 years ago
CVE-2018-15982 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2018-15982)	High	4 years ago
CVE-2022-22620 KEV	[KEV] Use-After-Free in Apple ios (CVE-2022-22620)	High	4 years ago
CVE-2017-0263 KEV	[KEV] Use-After-Free in Microsoft win32k (CVE-2017-0263)	High	4 years ago
CVE-2014-1776 KEV	[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2014-1776)	High	4 years ago
CVE-2020-6572 KEV	[KEV] Use-After-Free in Google chrome-media (CVE-2020-6572)	High	4 years ago
CVE-2021-4102 KEV	[KEV] Use-After-Free in Google chromium-v8 (CVE-2021-4102)	High	4 years ago
CVE-2021-40449 KEV	[KEV] Use-After-Free in Microsoft windows (CVE-2021-40449)	High	4 years ago
CVE-2020-6819 KEV	[KEV] Vulnerability in Mozilla firefox-and-thunderbird (CVE-2020-6819)	High	4 years ago
CVE-2021-28550 KEV	[KEV] Use-After-Free in Adobe acrobat-and-reader (CVE-2021-28550)	High	4 years ago
CVE-2018-4878 KEV	[KEV] Use-After-Free in Adobe flash-player (CVE-2018-4878)	High	4 years ago
CVE-2019-2215 KEV	[KEV] Use-After-Free in android (CVE-2019-2215)	High	4 years ago
CVE-2019-0211 KEV	[KEV] Use-After-Free in Apache http-server (CVE-2019-0211)	High	4 years ago
CVE-2021-30858 KEV	[KEV] Use-After-Free in Apple ios (CVE-2021-30858)	High	4 years ago
CVE-2021-30762 KEV	[KEV] Use-After-Free in Apple ios (CVE-2021-30762)	High	4 years ago
CVE-2021-30661 KEV	[KEV] Use-After-Free in Apple multiple-products (CVE-2021-30661)	High	4 years ago
CVE-2021-28663 KEV	[KEV] Use-After-Free in Arm :unknown: (CVE-2021-28663)	High	4 years ago
CVE-2020-3992 KEV	[KEV] Use-After-Free in Vmware esxi (CVE-2020-3992)	High	4 years ago
CVE-2021-1905 KEV	[KEV] Use-After-Free in Qualcomm multiple-chipsets (CVE-2021-1905)	High	4 years ago
CVE-2020-16017 KEV	[KEV] Use-After-Free in Google chrome (CVE-2020-16017)	High	4 years ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →