CWE-825 (Expired Pointer Dereference) — Vulnerability Class 26

26 vulnerabilities classified as CWE-825 (Expired Pointer Dereference). AI Chinese analysis included.

CWE-825, Expired Pointer Dereference, is a memory safety weakness where software accesses memory via a pointer after that memory has been deallocated. This vulnerability typically arises when developers fail to nullify pointers following memory release, allowing the program to retain references to freed resources. Attackers exploit this by triggering the initial deallocation and then manipulating the system to reallocate that specific memory address with malicious data. When the expired pointer is subsequently dereferenced, the application reads or overwrites unintended data, potentially leading to information disclosure, denial of service, or arbitrary code execution. To prevent this, developers must rigorously manage memory lifecycles by setting pointers to null immediately after freeing them, utilizing smart pointers in modern languages, and employing static analysis tools to detect dangling references before deployment.

MITRE CWE Description
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.
Common Consequences (3)
Confidentiality: Read Memory
If the expired pointer is used in a read operation, an attacker might be able to control data read in by the application.
Availability: DoS: Crash, Exit, or Restart
If the expired pointer references a memory location that is not accessible to the product, or points to a location that is "malformed" (such as NULL) or larger than expected by a read or write operation, then a crash may occur.
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
If the expired pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
Mitigations (2)
Architecture and Design: Choose a language that provides automatic memory management.
Implementation: When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
Examples (2)
The following code shows a simple example of a use after free error:
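    char* ptr = (char*)malloc (SIZE);
    if (err) {
        abrt = 1;
        free(ptr);   /* ptr still holds the old address after this call */
    }
    ...
    if (abrt) {
        /* use after free: ptr is passed on although it was released above */
        logError("operation aborted before commit", ptr);
    }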
Bad · C
The following code shows a simple example of a double free error:
    char* ptr = (char*)malloc (SIZE);
    ...
    if (abrt) {
        free(ptr);
    }
    ...
    free(ptr);   /* double free when the abrt branch already released ptr */
Bad · C
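The NULL-after-free mitigation applied to the two snippets above, as an added example that is not MITRE's code or part of the original page. The value of `SIZE` and the names `free_and_null`, `log_error`, `struct reporter` and `run_operation` are assumptions; the `reporter` struct goes beyond the page's snippets to show the multiple-holder caveat the mitigation mentions.

```c
#include <stdio.h>
#include <stdlib.h>

#define SIZE 64 /* assumed value; the page leaves SIZE undefined */

/* Release *slot and clear it in one step. A second call is a no-op,
 * so the double-free pattern above becomes harmless. */
static void free_and_null(char **slot) {
    if (slot != NULL && *slot != NULL) {
        free(*slot);
        *slot = NULL;
    }
}

/* Hypothetical stand-in for logError(): checks the context pointer
 * before reading it. Returns 1 if the context was read, else 0. */
static int log_error(const char *msg, const char *ctx) {
    if (ctx == NULL) {
        fprintf(stderr, "%s (context already released)\n", msg);
        return 0;
    }
    fprintf(stderr, "%s: %s\n", msg, ctx);
    return 1;
}

/* A second holder of the buffer. It stores the address of the owner's
 * slot, not a copy of the pointer, so clearing the slot is visible here.
 * A copied char* would keep the stale address after the free. */
struct reporter { char **ctx_slot; };

/* Corrected form of both snippets. Returns how many times the buffer
 * was read while logging: 0 after an abort, 2 on the normal path. */
int run_operation(int err) {
    int abrt = 0, reads = 0;
    char *ptr = malloc(SIZE);
    if (ptr == NULL) return -1;
    snprintf(ptr, SIZE, "request state"); /* constructed sample data */
    struct reporter rep = { &ptr };

    if (err) {
        abrt = 1;
        free_and_null(&ptr);
    }
    const char *msg = abrt ? "operation aborted before commit" : "operation committed";
    reads += log_error(msg, ptr);            /* owner's view */
    reads += log_error(msg, *rep.ctx_slot);  /* second holder's view */
    free_and_null(&ptr); /* no double free if the abort path already freed */
    return reads;
}
```

Clearing the pointer only protects holders that read it through the owner's slot; building with AddressSanitizer (`-fsanitize=address`) catches the copies that a NULL check cannot.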
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-7111 | Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption — Text::CSV_XS | 8.8 (AI) | High (AI) | 2026-04-29 |
| CVE-2026-34001 | Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption — Red Hat Enterprise Linux 10 | 7.8 | High | 2026-04-23 |
| CVE-2026-35094 | Libinput: libinput: information disclosure via dangling pointer in lua plugin handling — Red Hat Enterprise Linux 10 | 3.3 | Low | 2026-04-01 |
| CVE-2026-5165 | Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset — Red Hat Enterprise Linux 10 | 6.7 | Medium | 2026-03-30 |
| CVE-2026-2436 | Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake — Red Hat Enterprise Linux 10 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-32873 | ewe: Loop with Unreachable Exit Condition ('Infinite Loop') — ewe | 7.5 | High | 2026-03-20 |
| CVE-2025-12119 | Bulk write with options may read invalid memory — C Driver | 6.8 | Medium | 2025-11-18 |
| CVE-2025-54770 | Grub2: use-after-free in net_set_vlan — grub2 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-61664 | Grub2: missing unregister call for normal_exit command may lead to use-after-free — grub2 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-61663 | Grub2: missing unregister call for normal commands may lead to use-after-free — grub2 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-54771 | Grub2: use-after-free in grub_file_close() — grub2 | 4.9 | Medium | 2025-11-18 |
| CVE-2025-10911 | Libxslt: use-after-free with key data stored cross-rvt | 5.5 | Medium | 2025-09-25 |
| CVE-2025-49794 | Libxml: heap use after free (uaf) leads to denial of service (dos) | 9.1 | Critical | 2025-06-16 |
| CVE-2025-49795 | Libxml: null pointer dereference leads to denial of service (dos) | 7.5 | High | 2025-06-16 |
| CVE-2025-30653 | Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash — Junos OS | 6.5 | Medium | 2025-04-09 |
| CVE-2024-45105 | Lenovo ThinkSystem security vulnerability — HX5530 Appliance (ThinkAgile) BIOS | 6.7 | Medium | 2024-09-13 |
| CVE-2024-8250 | Expired Pointer Dereference in Wireshark — Wireshark | 7.8 | High | 2024-08-28 |
| CVE-2024-39792 | NGINX Plus MQTT vulnerability — NGINX Plus | 7.5 | High | 2024-08-14 |
| CVE-2024-28889 | BIG-IP SSL vulnerability — BIG-IP | 5.9 | Medium | 2024-05-08 |
| CVE-2024-23310 | Biosig Project libbiosig security vulnerability — libbiosig | 9.8 | Critical | 2024-02-20 |
| CVE-2024-23638 | SQUID-2023:11 Denial of Service in Cache Manager — squid | 6.5 | Medium | 2024-01-23 |
| CVE-2023-48696 | Azure RTOS USBX Remote Code Execution Vulnerability — usbx | 6.7 | Medium | 2023-12-05 |
| CVE-2023-48694 | Azure RTOS USBX Remote Code Execution Vulnerability — usbx | 6.8 | Medium | 2023-12-05 |
| CVE-2023-20212 | ClamAV security vulnerability — Cisco Secure Endpoint | 7.5 | High | 2023-08-18 |
| CVE-2021-25443 | Samsung SMR resource management error vulnerability — Samsung Mobile Devices | 5.3 | - | 2021-08-05 |
| CVE-2019-15691 | TigerVNC security vulnerability — TigerVNC | 7.2 | - | 2019-12-26 |

Vulnerabilities classified as CWE-825 (Expired Pointer Dereference) represent 26 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.