Cwe 416

🧬 CWE Related 99
slug: cwe-416

Explanation

CWE-416は「メモリを解放した後にそのメモリを使ってしまう」欠陥です。 C/C++のような手動メモリ管理言語で頻発し、攻撃者はこれを利用して任意のコードを実行できることが多いです。 ブラウザのJavaScriptエンジン (V8, JavaScriptCore) でよく見つかり、ブラウザ経由のゼロデイ攻撃の典型的な原因となります。
📌 Example
Pwn2Own (年次ハッキングコンテスト) で、毎年ブラウザに対するUse-After-Free 攻撃が成功し、賞金10万ドル超を獲得する事例が続いています。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,423

ID Title
CVE-2024-39503 Vulnerability in linux (CVE-2024-39503)
CVE-2022-2586 KEV [KEV] Use-After-Free in Linux kernel (CVE-2022-2586)
CVE-2024-38612 Use-After-Free in linux (CVE-2024-38612)
CVE-2024-4610 KEV [KEV] Use-After-Free in Arm :unknown: (CVE-2024-4610)
CVE-2024-30101 Microsoft Office Remote Code Execution Vulnerability
CVE-2024-36899 Vulnerability in linux (CVE-2024-36899)
CVE-2024-36904 Use-After-Free in c (CVE-2024-36904)
CVE-2024-1086 KEV [KEV] Use-After-Free in Linux kernel (CVE-2024-1086)
CVE-2024-35955 Use-After-Free in linux (CVE-2024-35955)
CVE-2024-35865 Use-After-Free in linux (CVE-2024-35865)
CVE-2024-35811 Use-After-Free in linux (CVE-2024-35811)
CVE-2024-35789 Use-After-Free in linux (CVE-2024-35789)
CVE-2024-27397 Use-After-Free in linux (CVE-2024-27397)
CVE-2024-27396 Use-After-Free in linux (CVE-2024-27396)
CVE-2024-27395 Use-After-Free in linux (CVE-2024-27395)
CVE-2024-4671 KEV [KEV] Use-After-Free in Google chromium (CVE-2024-4671)
CVE-2024-27052 Use-After-Free in linux (CVE-2024-27052)
CVE-2024-26961 Use-After-Free in c (CVE-2024-26961)
CVE-2024-26974 Vulnerability in linux (CVE-2024-26974)
CVE-2024-26958 Use-After-Free in c (CVE-2024-26958)
CVE-2024-26951 Use-After-Free in linux (CVE-2024-26951)
CVE-2024-26898 Use-After-Free in dos (CVE-2024-26898)
CVE-2024-26907 Use-After-Free in c (CVE-2024-26907)
CVE-2024-26895 Use-After-Free in csharp (CVE-2024-26895)
CVE-2024-26852 Use-After-Free in c (CVE-2024-26852)
CVE-2024-26875 Use-After-Free in c (CVE-2024-26875)
CVE-2024-26872 Use-After-Free in linux (CVE-2024-26872)
CVE-2024-26886 Use-After-Free in linux (CVE-2024-26886)
CVE-2020-36785 Vulnerability in linux (CVE-2020-36785)
CVE-2023-52447 Use-After-Free in linux (CVE-2023-52447)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →