CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-5PRQ-47X2-38GV
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2018-5379"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-19T13:29:00Z",
"severity": "CRITICAL"
},
"details": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.",
"id": "GHSA-5prq-47x2-38gv",
"modified": "2022-05-13T01:32:12Z",
"published": "2022-05-13T01:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5379"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0377"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf"
},
{
"type": "WEB",
"url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201804-17"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3573-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4115"
},
{
"type": "WEB",
"url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/940439"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103105"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5QCC-QGV2-388F
Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-03-01 00:01This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.
{
"affected": [],
"aliases": [
"CVE-2021-46625"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-18T20:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.",
"id": "GHSA-5qcc-qgv2-388f",
"modified": "2022-03-01T00:01:00Z",
"published": "2022-02-19T00:01:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46625"
},
{
"type": "WEB",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-212"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5QXG-M35Q-XR56
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2024-07-18 00:31A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
{
"affected": [],
"aliases": [
"CVE-2021-3407"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-23T23:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.",
"id": "GHSA-5qxg-m35q-xr56",
"modified": "2024-07-18T00:31:19Z",
"published": "2022-05-24T17:42:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3407"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=703366"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCADE3VSPWCGTE5BV4KL273R5VK3GDKM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M44PNYCBL33OD7GC75XNE6CDS4VSGVWO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLC6MPH7YS6JPU427XOFRLF3KKZQUZJN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCADE3VSPWCGTE5BV4KL273R5VK3GDKM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M44PNYCBL33OD7GC75XNE6CDS4VSGVWO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLC6MPH7YS6JPU427XOFRLF3KKZQUZJN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-30"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d42fd383b3c80c12cbc675443176a"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R2R-5WX4-7X33
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2025-02-14 18:30A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2022-4744"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-460"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-30T21:15:00Z",
"severity": "HIGH"
},
"details": "A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"id": "GHSA-5r2r-5wx4-7x33",
"modified": "2025-02-14T18:30:39Z",
"published": "2023-07-06T19:24:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4744"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230526-0009"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R7W-J22R-58J4
Vulnerability from github – Published: 2025-01-06 18:31 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: fix double free in atmel_pmecc_create_user()
The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.
{
"affected": [],
"aliases": [
"CVE-2024-56766"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T17:15:43Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: fix double free in atmel_pmecc_create_user()\n\nThe \"user\" pointer was converted from being allocated with kzalloc() to\nbeing allocated by devm_kzalloc(). Calling kfree(user) will lead to a\ndouble free.",
"id": "GHSA-5r7w-j22r-58j4",
"modified": "2025-11-03T21:32:04Z",
"published": "2025-01-06T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56766"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1562871ef613fa9492aa0310933eff785166a90e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d825a241e65f7e3072978729e79d735ec40b80e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca9818554b0f33e87f38e4bfa2dac056692d46cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-634Q-77FV-9CQ7
Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2022-05-13 01:54A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2018-16425"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-04T00:29:00Z",
"severity": "MODERATE"
},
"details": "A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",
"id": "GHSA-634q-77fv-9cq7",
"modified": "2022-05-13T01:54:14Z",
"published": "2022-05-13T01:54:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16425"
},
{
"type": "WEB",
"url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5"
},
{
"type": "WEB",
"url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63XR-9HMX-V966
Vulnerability from github – Published: 2025-01-03 18:30 – Updated: 2025-01-03 21:30FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
{
"affected": [],
"aliases": [
"CVE-2024-35365"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-03T18:15:15Z",
"severity": "HIGH"
},
"details": "FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.",
"id": "GHSA-63xr-9hmx-v966",
"modified": "2025-01-03T21:30:40Z",
"published": "2025-01-03T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35365"
},
{
"type": "WEB",
"url": "https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5"
},
{
"type": "WEB",
"url": "https://gist.github.com/1047524396/d7d4ea8055b75c4a9f9bbcff31d21423"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/fftools/ffmpeg_mux_init.c#L886"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-64PH-QR47-QXH4
Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.
{
"affected": [],
"aliases": [
"CVE-2026-4358"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T20:16:15Z",
"severity": "MODERATE"
},
"details": "A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.",
"id": "GHSA-64ph-qr47-qxh4",
"modified": "2026-03-17T21:31:46Z",
"published": "2026-03-17T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4358"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-118849"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-65M4-497R-HV9H
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2026-06-19 15:33A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-27033"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-09T15:15:00Z",
"severity": "HIGH"
},
"details": "A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",
"id": "GHSA-65m4-497r-hv9h",
"modified": "2026-06-19T15:33:07Z",
"published": "2022-05-24T19:07:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27033"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-65XH-8R3W-XRF3
Vulnerability from github – Published: 2024-10-25 12:31 – Updated: 2024-10-25 18:30In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-44098"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-25T11:15:16Z",
"severity": "HIGH"
},
"details": "In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-65xh-8r3w-xrf3",
"modified": "2024-10-25T18:30:48Z",
"published": "2024-10-25T12:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44098"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.