Cwe 416

🧬 CWE Related 99
slug: cwe-416

Explanation

CWE-416は「メモリを解放した後にそのメモリを使ってしまう」欠陥です。 C/C++のような手動メモリ管理言語で頻発し、攻撃者はこれを利用して任意のコードを実行できることが多いです。 ブラウザのJavaScriptエンジン (V8, JavaScriptCore) でよく見つかり、ブラウザ経由のゼロデイ攻撃の典型的な原因となります。
📌 Example
Pwn2Own (年次ハッキングコンテスト) で、毎年ブラウザに対するUse-After-Free 攻撃が成功し、賞金10万ドル超を獲得する事例が続いています。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,423

ID Title
CVE-2022-22620 KEV [KEV] Use-After-Free in Apple ios (CVE-2022-22620)
CVE-2017-0263 KEV [KEV] Use-After-Free in Microsoft win32k (CVE-2017-0263)
CVE-2014-1776 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2014-1776)
CVE-2020-6572 KEV [KEV] Use-After-Free in Google chrome-media (CVE-2020-6572)
CVE-2021-4102 KEV [KEV] Use-After-Free in Google chromium-v8 (CVE-2021-4102)
CVE-2021-40449 KEV [KEV] Use-After-Free in Microsoft windows (CVE-2021-40449)
CVE-2021-28550 KEV [KEV] Use-After-Free in Adobe acrobat-and-reader (CVE-2021-28550)
CVE-2018-4878 KEV [KEV] Use-After-Free in Adobe flash-player (CVE-2018-4878)
CVE-2019-2215 KEV [KEV] Use-After-Free in android (CVE-2019-2215)
CVE-2019-0211 KEV [KEV] Use-After-Free in Apache http-server (CVE-2019-0211)
CVE-2021-30858 KEV [KEV] Use-After-Free in Apple ios (CVE-2021-30858)
CVE-2021-30762 KEV [KEV] Use-After-Free in Apple ios (CVE-2021-30762)
CVE-2021-30661 KEV [KEV] Use-After-Free in Apple multiple-products (CVE-2021-30661)
CVE-2021-28663 KEV [KEV] Use-After-Free in Arm :unknown: (CVE-2021-28663)
CVE-2020-16017 KEV [KEV] Use-After-Free in Google chrome (CVE-2020-16017)
CVE-2021-30633 KEV [KEV] Use-After-Free in Google chromium-indexed-db-api (CVE-2021-30633)
CVE-2021-37973 KEV [KEV] Use-After-Free in Google chromium-portals (CVE-2021-37973)
CVE-2021-37975 KEV [KEV] Use-After-Free in Google chromium-v8 (CVE-2021-37975)
CVE-2021-30554 KEV [KEV] Use-After-Free in Google chromium-webgl (CVE-2021-30554)
CVE-2021-21206 KEV [KEV] Use-After-Free in Google chromium-blink (CVE-2021-21206)
CVE-2021-21193 KEV [KEV] Use-After-Free in Google chromium-blink (CVE-2021-21193)
CVE-2019-0708 KEV [KEV] Use-After-Free in Microsoft remote-desktop-services (CVE-2019-0708)
CVE-2021-26411 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2021-26411)
CVE-2020-0674 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2020-0674)
CVE-2019-1429 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2019-1429)
CVE-2020-6819 KEV [KEV] Vulnerability in Mozilla firefox-and-thunderbird (CVE-2020-6819)
CVE-2021-1905 KEV [KEV] Use-After-Free in :linux_kernel:Qualcomm (CVE-2021-1905)
CVE-2020-3992 KEV [KEV] Use-After-Free in Vmware esxi (CVE-2020-3992)
CVE-2019-13721 Use-After-Free in google (CVE-2019-13721)
CVE-2019-18197 Use-After-Free in nokogiri (CVE-2019-18197)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →