CVE-2024-3861

MEDIUM Year: 2024
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Related Vulnerabilities

CVE-2025-0240

MEDIUM
CVSS:4.0(Medium)

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6...

CWE-4162025

CVE-2020-25656

MEDIUM
CVSS:4.1(Medium)

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access o...

CWE-4162020

CVE-2022-1974

MEDIUM
CVSS:4.1(Medium)

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN ...

CWE-4162022

CVE-2022-28192

MEDIUM
CVSS:4.1(Medium)

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry ...

CWE-4162022

CVE-2023-3863

MEDIUM
CVSS:4.1(Medium)

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issu...

CWE-4162023

CVE-2023-48184

LOW
CVSS:3.9(Low)

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.

CWE-4162023