CVEbaza.plSłownik CWECWE-590
Common Weakness Enumeration

CWE-590

Free of Memory not on the Heap

Kategoria: VariantCVE: 19
Opis

Produkt wywołuje funkcję free() na wskaźniku do pamięci, która nie została przydzielona za pomocą powiązanych funkcji alokacji na stercie, takich jak malloc(), calloc() lub realloc(). To powoduje niezdefiniowane zachowanie i może prowadzić do awarii programu.

Description (EN)

The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().

Podatności CVE z CWE-590 (19)
9.8
CVSS
CRITICAL
CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

pub. 2021-11-15
9.8
CVSS
CRITICAL
CVE-2020-6016

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.

pub. 2020-11-18
9.0
CVSS
CRITICAL
CVE-2025-32911

W bibliotece libsoup wykryto podatność typu use-after-free w funkcji soup_message_headers_get_content_disposition(). Umożliwia ona zdalnemu, nieuwierzytelnionemu atakującemu wywołanie uszkodzenia pamięci po stronie serwera HTTP korzystającego z libsoup.

pub. 2025-04-15
8.6
CVSS
HIGH
CVE-2023-42459

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

pub. 2023-10-16
8.1
CVSS
HIGH
CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

pub. 2022-06-16
7.8
CVSS
HIGH
CVE-2026-20810

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

pub. 2026-01-13
7.8
CVSS
HIGH
CVE-2025-54899

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

pub. 2025-09-09
7.8
CVSS
HIGH
CVE-2021-3939

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

pub. 2021-11-17
7.7
CVSS
HIGH
CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

pub. 2022-07-28
7.5
CVSS
HIGH
CVE-2025-42994

SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.

pub. 2025-06-10
7.5
CVSS
HIGH
CVE-2025-42995

SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.

pub. 2025-06-10
7.5
CVSS
HIGH
CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.

pub. 2023-02-14
7.0
CVSS
HIGH
CVE-2023-22291

An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

pub. 2023-04-05
6.3
CVSS
MEDIUM
CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`.

pub. 2021-09-17
6.1
CVSS
MEDIUM
CVE-2026-47328

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.

pub. 2026-05-28
5.6
CVSS
MEDIUM
CVE-2025-42996

SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.

pub. 2025-06-10
5.5
CVSS
MEDIUM
CVE-2025-7006

Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

pub. 2026-06-12
5.5
CVSS
MEDIUM
CVE-2023-31973

yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.

pub. 2023-05-09
1.9
CVSS
LOW
CVE-2025-5899

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

pub. 2025-06-09
Informacje
ID: CWE-590
Typ: Variant
Podatności: 19
MITRE CWE ↗
← Słownik CWE