Cyber Posture

CWE · MITRE source

CWE-416Use After Free

Abstraction: Variant · CVEs in our corpus: 6,953

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control Title Family Why it addresses this CWE
SI-16Memory ProtectionSIUse-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2019-0708 KEV9.69.80.94452019-05-16
CVE-2021-22893 KEV9.610.00.93612021-04-23
CVE-2015-0313 KEV9.59.80.92542015-02-02
CVE-2015-5119 KEV9.59.80.93152015-07-08
CVE-2015-5122 KEV9.59.80.92782015-07-14
CVE-2021-31166 KEV9.59.80.93072021-05-11
CVE-2014-0322 KEV9.48.80.93202014-02-14
CVE-2020-3992 KEV9.49.80.90872020-10-20
CVE-2013-2551 KEV9.38.80.92242013-03-11
CVE-2021-26411 KEV9.38.80.92472021-03-11
CVE-2012-4792 KEV9.28.80.91242012-12-30
CVE-2018-4878 KEV9.27.80.93512018-02-06
CVE-2018-15982 KEV9.27.80.93612019-01-18
CVE-2009-4324 KEV9.17.80.92862009-12-15
CVE-2012-4969 KEV9.18.10.91782012-09-18
CVE-2013-3897 KEV9.18.80.88212013-10-09
CVE-2017-0261 KEV9.17.80.92302017-05-12
CVE-2019-13720 KEV9.18.80.89592019-11-25
CVE-2020-0674 KEV9.17.50.93782020-02-11
CVE-2021-40449 KEV9.17.80.91732021-10-13
CVE-2010-3962 KEV9.08.10.88912010-11-05
CVE-2013-1347 KEV9.08.80.87712013-05-05
CVE-2014-1776 KEV9.09.80.84022014-04-27
CVE-2019-0211 KEV9.07.80.90182019-04-08
CVE-2013-3893 KEV8.78.80.82612013-09-18