Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-9J53-7WPR-H42C

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI
Details

Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T18:15:49Z",
    "severity": "HIGH"
  },
  "details": "Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-9j53-7wpr-h42c",
  "modified": "2025-11-11T18:30:23Z",
  "published": "2025-11-11T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62219"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62219"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JWP-F88Q-J572

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: elan: Fix potential double free in elan_input_configured

'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free.

According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or binding fails).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:26Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: elan: Fix potential double free in elan_input_configured\n\n\u0027input\u0027 is a managed resource allocated with devm_input_allocate_device(),\nso there is no need to call input_free_device() explicitly or\nthere will be a double free.\n\nAccording to the doc of devm_input_allocate_device():\n * Managed input devices do not need to be explicitly unregistered or\n * freed as it will be done automatically when owner device unbinds from\n * its driver (or binding fails).",
  "id": "GHSA-9jwp-f88q-j572",
  "modified": "2025-03-17T18:31:51Z",
  "published": "2025-03-17T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49508"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9M47-29XF-M969

Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31
VLAI
Details

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.

This issue affects Junos OS on SRX and MX Series:

  • all versions before 22.4R3-S7,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2-S4,
  • 24.2 versions before 24.2R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T21:16:08Z",
    "severity": "HIGH"
  },
  "details": "A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.\n\n\n\n\n\nThis issue affects Junos OS on SRX and MX Series:\n\n\n\n  *  all versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2.",
  "id": "GHSA-9m47-29xf-m969",
  "modified": "2026-01-15T21:31:48Z",
  "published": "2026-01-15T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21918"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA106018"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA106018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9P34-3252-9GH9

Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18
VLAI
Details

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-01T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.",
  "id": "GHSA-9p34-3252-9gh9",
  "modified": "2022-05-14T03:18:40Z",
  "published": "2022-05-14T03:18:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9336"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2018-09"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2018\u0026m=slackware-security.568761"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9QF5-3C29-69QJ

Vulnerability from github – Published: 2024-02-20 18:30 – Updated: 2025-11-04 21:31
VLAI
Details

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T16:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-9qf5-3c29-69qj",
  "modified": "2025-11-04T21:31:10Z",
  "published": "2024-02-20T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22097"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1917"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9RCJ-3RH9-CJ4G

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-21T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.",
  "id": "GHSA-9rcj-3rh9-cj4g",
  "modified": "2022-05-13T01:31:51Z",
  "published": "2022-05-13T01:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7523"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103394"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9RCR-WWR3-Q567

Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-07 00:01
VLAI
Details

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-31T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1",
  "id": "GHSA-9rcr-wwr3-q567",
  "modified": "2022-09-07T00:01:51Z",
  "published": "2022-09-01T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2519"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0095"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0302"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2519"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/423"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9RVP-RQGC-789G

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:48
VLAI
Details

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-24T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-9rvp-rqgc-789g",
  "modified": "2024-04-04T00:48:46Z",
  "published": "2022-05-24T16:46:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7080"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9VM4-7H35-5G6C

Vulnerability from github – Published: 2023-02-25 06:30 – Updated: 2025-03-20 21:31
VLAI
Details

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-25T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.",
  "id": "GHSA-9vm4-7h35-5g6c",
  "modified": "2025-03-20T21:31:38Z",
  "published": "2023-02-25T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26545"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230316-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9VX5-GCCR-9GR3

Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:01
VLAI
Details

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-0642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-09-28T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.",
  "id": "GHSA-9vx5-gccr-9gr3",
  "modified": "2025-04-03T04:01:13Z",
  "published": "2022-04-29T02:58:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0642"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17157"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=109508872524753\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-350.html"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-543"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/795632"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11078"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.net/errata/2004/0045"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.