LIVE NEWSROOM · --:-- · May 24, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CWE WEAKNESSES  /  CWE-416

CWE-416

Use After Free

Variant EXPLOIT LIKELIHOOD: HIGH

What it is

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Impact

IntegrityModify Memory
AvailabilityDoS: Crash, Exit, or Restart
ConfidentialityRead Memory
Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands

Mitigations

  • [Architecture and Design] Choose a language that provides automatic memory management.
  • [Implementation] When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

Real-world CVE examples

  • CVE-2023-38160 — TCP/IP code for an OS has a use-after-free that can leak heap memory contents
  • CVE-2022-20141 — Chain: an operating system kernel has insufficent resource locking (CWE-413) leading to a use after free (CWE-416).
  • CVE-2022-2621 — Chain: two threads in a web browser use the same resource (CWE-366), but one of those threads can destroy the resource before the other has completed (CWE-416).
  • CVE-2021-0920 — Chain: mobile platform race condition (CWE-362) leading to use-after-free (CWE-416), as exploited in the wild per CISA KEV.
  • CVE-2020-6819 — Chain: race condition (CWE-362) leads to use-after-free (CWE-416), as exploited in the wild per CISA KEV.
  • CVE-2010-4168 — Use-after-free triggered by closing a connection while data is still being transmitted.
  • CVE-2010-2941 — Improper allocation for invalid data leads to use-after-free.
  • CVE-2010-2547 — certificate with a large number of Subject Alternate Names not properly handled in realloc, leading to use-after-free
  • CVE-2010-1772 — Timers are not disabled when a related object is deleted
  • CVE-2010-1437 — Access to a "dead" object that is being cleaned up
  • CVE-2010-1208 — object is deleted even with a non-zero reference count, and later accessed
  • CVE-2010-0629 — use-after-free involving request containing an invalid version number

Related weaknesses

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →

Scroll to Top