Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-5PRQ-47X2-38GV

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32
VLAI
Details

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-19T13:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.",
  "id": "GHSA-5prq-47x2-38gv",
  "modified": "2022-05-13T01:32:12Z",
  "published": "2022-05-13T01:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5379"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0377"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf"
    },
    {
      "type": "WEB",
      "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201804-17"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3573-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4115"
    },
    {
      "type": "WEB",
      "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/940439"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5QCC-QGV2-388F

Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2022-03-01 00:01
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-18T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.",
  "id": "GHSA-5qcc-qgv2-388f",
  "modified": "2022-03-01T00:01:00Z",
  "published": "2022-02-19T00:01:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46625"
    },
    {
      "type": "WEB",
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5QXG-M35Q-XR56

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2024-07-18 00:31
VLAI
Details

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-23T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.",
  "id": "GHSA-5qxg-m35q-xr56",
  "modified": "2024-07-18T00:31:19Z",
  "published": "2022-05-24T17:42:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3407"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=703366"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCADE3VSPWCGTE5BV4KL273R5VK3GDKM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M44PNYCBL33OD7GC75XNE6CDS4VSGVWO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLC6MPH7YS6JPU427XOFRLF3KKZQUZJN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCADE3VSPWCGTE5BV4KL273R5VK3GDKM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M44PNYCBL33OD7GC75XNE6CDS4VSGVWO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLC6MPH7YS6JPU427XOFRLF3KKZQUZJN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202105-30"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d42fd383b3c80c12cbc675443176a"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5R2R-5WX4-7X33

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2025-02-14 18:30
VLAI
Details

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-460"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-30T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.",
  "id": "GHSA-5r2r-5wx4-7x33",
  "modified": "2025-02-14T18:30:39Z",
  "published": "2023-07-06T19:24:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4744"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230526-0009"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5R7W-J22R-58J4

Vulnerability from github – Published: 2025-01-06 18:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: fix double free in atmel_pmecc_create_user()

The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T17:15:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: fix double free in atmel_pmecc_create_user()\n\nThe \"user\" pointer was converted from being allocated with kzalloc() to\nbeing allocated by devm_kzalloc().  Calling kfree(user) will lead to a\ndouble free.",
  "id": "GHSA-5r7w-j22r-58j4",
  "modified": "2025-11-03T21:32:04Z",
  "published": "2025-01-06T18:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56766"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1562871ef613fa9492aa0310933eff785166a90e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d825a241e65f7e3072978729e79d735ec40b80e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ea15205d7e2b811fbbdf79783f686f58abfb4b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca9818554b0f33e87f38e4bfa2dac056692d46cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2f090ea57f8d6587e09d4066f740a8617767b3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d8e4771f99c0400a1873235704b28bb803c83d17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd45c87782738715d5e7c167f8dabf0814a7394a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-634Q-77FV-9CQ7

Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2022-05-13 01:54
VLAI
Details

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-04T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",
  "id": "GHSA-634q-77fv-9cq7",
  "modified": "2022-05-13T01:54:14Z",
  "published": "2022-05-13T01:54:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63XR-9HMX-V966

Vulnerability from github – Published: 2025-01-03 18:30 – Updated: 2025-01-03 21:30
VLAI
Details

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-03T18:15:15Z",
    "severity": "HIGH"
  },
  "details": "FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.",
  "id": "GHSA-63xr-9hmx-v966",
  "modified": "2025-01-03T21:30:40Z",
  "published": "2025-01-03T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/1047524396/d7d4ea8055b75c4a9f9bbcff31d21423"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/fftools/ffmpeg_mux_init.c#L886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-64PH-QR47-QXH4

Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31
VLAI
Details

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-17T20:16:15Z",
    "severity": "MODERATE"
  },
  "details": "A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.",
  "id": "GHSA-64ph-qr47-qxh4",
  "modified": "2026-03-17T21:31:46Z",
  "published": "2026-03-17T21:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4358"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-118849"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-65M4-497R-HV9H

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2026-06-19 15:33
VLAI
Details

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",
  "id": "GHSA-65m4-497r-hv9h",
  "modified": "2026-06-19T15:33:07Z",
  "published": "2022-05-24T19:07:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27033"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/products/autodesk-access/overview"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65XH-8R3W-XRF3

Vulnerability from github – Published: 2024-10-25 12:31 – Updated: 2024-10-25 18:30
VLAI
Details

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-25T11:15:16Z",
    "severity": "HIGH"
  },
  "details": "In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-65xh-8r3w-xrf3",
  "modified": "2024-10-25T18:30:48Z",
  "published": "2024-10-25T12:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44098"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2024-10-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.