Vulnerabilities
Use-After-Free
Also known as: UAF
Definition
A memory-safety bug where a program continues to use memory after it has been freed, often allowing attackers to control object state and hijack execution.
Examples
- CVE-2018-8174 (VBScript engine) — UAF exploited by APT actors.
- CVE-2022-0609 (Chrome animation) — UAF, used as a zero-day.
Related terms
Memory Corruption
An umbrella term for vulnerabilities where a program writes outside the bounds of intended memory, undermining type-safety, control flow, or data integrity.
Double Free
A memory-safety bug where the same heap chunk is freed twice, corrupting allocator metadata and often enabling arbitrary code execution.
Heap Overflow
A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
Secure Coding
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.