CWE · MITRE source
CWE-416: Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 9 mapping(s) from 5 framework(s): ATT&CK 5 (mostly) · ASVS 5.0 1 (full) · STIG rhel 9 1 (mostly) · STIG oracle linux 8 1 (partial) · STIG rhel 8 1 (partial)
NIST 800-53 r5 controls that address this weakness (1) · AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SI-16 | Memory Protection | SI | Use-after-free exploits that achieve arbitrary code execution are blocked or made significantly harder by non-executable pages and ASLR. |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2009-4324 KEV | 10.0 | 7.8 | 0.8186 | 2009-12-15 |
| CVE-2010-0249 KEV | 10.0 | 8.8 | 0.9188 | 2010-01-15 |
| CVE-2010-0806 KEV | 10.0 | 8.8 | 0.8217 | 2010-03-10 |
| CVE-2010-3962 KEV | 10.0 | 8.1 | 0.9689 | 2010-11-05 |
| CVE-2012-4969 KEV | 10.0 | 8.1 | 0.8172 | 2012-09-18 |
| CVE-2012-4792 KEV | 10.0 | 8.8 | 0.7882 | 2012-12-30 |
| CVE-2013-2551 KEV | 10.0 | 8.8 | 0.7410 | 2013-03-11 |
| CVE-2013-1347 KEV | 10.0 | 8.8 | 0.7789 | 2013-05-05 |
| CVE-2013-3893 KEV | 10.0 | 8.8 | 0.8593 | 2013-09-18 |
| CVE-2013-3897 KEV | 10.0 | 8.8 | 0.7746 | 2013-10-09 |
| CVE-2014-0496 KEV | 10.0 | 8.8 | 0.4024 | 2014-01-15 |
| CVE-2014-0322 KEV | 10.0 | 8.8 | 0.8524 | 2014-02-14 |
| CVE-2014-1776 KEV | 10.0 | 9.8 | 0.8801 | 2014-04-27 |
| CVE-2014-8439 KEV | 10.0 | 8.8 | 0.2001 | 2014-11-25 |
| CVE-2015-0313 KEV | 10.0 | 9.8 | 0.9568 | 2015-02-02 |
| CVE-2015-2360 KEV | 10.0 | 8.8 | 0.1496 | 2015-06-10 |
| CVE-2015-5119 KEV | 10.0 | 9.8 | 0.9934 | 2015-07-08 |
| CVE-2015-5122 KEV | 10.0 | 9.8 | 0.9369 | 2015-07-14 |
| CVE-2015-5123 KEV | 10.0 | 9.8 | 0.1849 | 2015-07-14 |
| CVE-2016-0984 KEV | 10.0 | 8.8 | 0.5537 | 2016-02-10 |
| CVE-2016-7855 KEV | 10.0 | 8.8 | 0.2520 | 2016-11-01 |
| CVE-2016-7892 KEV | 10.0 | 8.8 | 0.1879 | 2016-12-15 |
| CVE-2017-0261 KEV | 10.0 | 7.8 | 0.7813 | 2017-05-12 |
| CVE-2017-0263 KEV | 10.0 | 7.8 | 0.1003 | 2017-05-12 |
| CVE-2018-4878 KEV | 10.0 | 7.8 | 0.8962 | 2018-02-06 |