CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-9J53-7WPR-H42C
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-62219"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:49Z",
"severity": "HIGH"
},
"details": "Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-9j53-7wpr-h42c",
"modified": "2025-11-11T18:30:23Z",
"published": "2025-11-11T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62219"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62219"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9JWP-F88Q-J572
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
HID: elan: Fix potential double free in elan_input_configured
'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free.
According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or binding fails).
{
"affected": [],
"aliases": [
"CVE-2022-49508"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:26Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: elan: Fix potential double free in elan_input_configured\n\n\u0027input\u0027 is a managed resource allocated with devm_input_allocate_device(),\nso there is no need to call input_free_device() explicitly or\nthere will be a double free.\n\nAccording to the doc of devm_input_allocate_device():\n * Managed input devices do not need to be explicitly unregistered or\n * freed as it will be done automatically when owner device unbinds from\n * its driver (or binding fails).",
"id": "GHSA-9jwp-f88q-j572",
"modified": "2025-03-17T18:31:51Z",
"published": "2025-03-17T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49508"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M47-29XF-M969
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.
This issue affects Junos OS on SRX and MX Series:
- all versions before 22.4R3-S7,
- 23.2 versions before 23.2R2-S3,
- 23.4 versions before 23.4R2-S4,
- 24.2 versions before 24.2R2.
{
"affected": [],
"aliases": [
"CVE-2026-21918"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:08Z",
"severity": "HIGH"
},
"details": "A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.\n\n\n\n\n\nThis issue affects Junos OS on SRX and MX Series:\n\n\n\n * all versions before 22.4R3-S7,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2.",
"id": "GHSA-9m47-29xf-m969",
"modified": "2026-01-15T21:31:48Z",
"published": "2026-01-15T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21918"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA106018"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA106018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9P34-3252-9GH9
Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2018-9336"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-01T18:29:00Z",
"severity": "HIGH"
},
"details": "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.",
"id": "GHSA-9p34-3252-9gh9",
"modified": "2022-05-14T03:18:40Z",
"published": "2022-05-14T03:18:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9336"
},
{
"type": "WEB",
"url": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24"
},
{
"type": "WEB",
"url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2018-09"
},
{
"type": "WEB",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2018\u0026m=slackware-security.568761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QF5-3C29-69QJ
Vulnerability from github – Published: 2024-02-20 18:30 – Updated: 2025-11-04 21:31A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-22097"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T16:15:08Z",
"severity": "CRITICAL"
},
"details": "A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-9qf5-3c29-69qj",
"modified": "2025-11-04T21:31:10Z",
"published": "2024-02-20T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22097"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1917"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9RCJ-3RH9-CJ4G
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-7523"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-21T20:29:00Z",
"severity": "MODERATE"
},
"details": "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.",
"id": "GHSA-9rcj-3rh9-cj4g",
"modified": "2022-05-13T01:31:51Z",
"published": "2022-05-13T01:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7523"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103394"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9RCR-WWR3-Q567
Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-07 00:01There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
{
"affected": [],
"aliases": [
"CVE-2022-2519"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-31T16:15:00Z",
"severity": "MODERATE"
},
"details": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1",
"id": "GHSA-9rcr-wwr3-q567",
"modified": "2022-09-07T00:01:51Z",
"published": "2022-09-01T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2519"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2519"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122789"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/423"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9RVP-RQGC-789G
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:48Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-7080"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-24T19:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-9rvp-rqgc-789g",
"modified": "2024-04-04T00:48:46Z",
"published": "2022-05-24T16:46:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7080"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VM4-7H35-5G6C
Vulnerability from github – Published: 2023-02-25 06:30 – Updated: 2025-03-20 21:31In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
{
"affected": [],
"aliases": [
"CVE-2023-26545"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-25T04:15:00Z",
"severity": "HIGH"
},
"details": "In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.",
"id": "GHSA-9vm4-7h35-5g6c",
"modified": "2025-03-20T21:31:38Z",
"published": "2023-02-25T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26545"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230316-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VX5-GCCR-9GR3
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:01Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2004-0642"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-09-28T04:00:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.",
"id": "GHSA-9vx5-gccr-9gr3",
"modified": "2025-04-03T04:01:13Z",
"published": "2022-04-29T02:58:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0642"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17157"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=109508872524753\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2004-350.html"
},
{
"type": "WEB",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2004/dsa-543"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/795632"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/11078"
},
{
"type": "WEB",
"url": "http://www.trustix.net/errata/2004/0045"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.