CWE-416β€”Use After Free

PUBLISHEDweakness recordHigh
released 2006-07-19 Β· last modified 2026-04-30
CWE-416 - Use After Free - Diagram

Metadata

CWE ID:
CWE-416
Abstraction:
Variant
Structure:
Simple
Status:
Stable
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Use After Free

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Common Consequences

Scope:
Integrity
Impact:
Modify Memory
Notes:
The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere.
Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart
Notes:
If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.
Scope:
Confidentiality
Impact:
Read Memory
Notes:
Read operations on freed memory can sometimes leak sensitive information instead of causing a crash
Scope:
Integrity, Confidentiality, Availability
Impact:
Execute Unauthorized Code or Commands
Notes:
If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code. If the newly allocated data happens to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.

Related Weaknesses