CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-9W3X-5XRR-JFM6
Vulnerability from github – Published: 2022-05-14 03:31 – Updated: 2022-05-14 03:31Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.
{
"affected": [],
"aliases": [
"CVE-2017-17320"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-20T15:29:00Z",
"severity": "HIGH"
},
"details": "Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.",
"id": "GHSA-9w3x-5xrr-jfm6",
"modified": "2022-05-14T03:31:36Z",
"published": "2022-05-14T03:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17320"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C228-PG9X-PQ8R
Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21183"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T18:15:29Z",
"severity": "HIGH"
},
"details": "Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability",
"id": "GHSA-c228-pg9x-pq8r",
"modified": "2025-02-11T18:31:36Z",
"published": "2025-02-11T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21183"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C256-XP72-RP74
Vulnerability from github – Published: 2023-05-04 21:30 – Updated: 2024-04-04 03:48Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
{
"affected": [],
"aliases": [
"CVE-2023-21500"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-04T21:15:10Z",
"severity": "MODERATE"
},
"details": "Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.",
"id": "GHSA-c256-xp72-rp74",
"modified": "2024-04-04T03:48:40Z",
"published": "2023-05-04T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21500"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C27J-MCJP-93GG
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30{
"affected": [],
"aliases": [
"CVE-2026-48850"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-25T21:16:35Z",
"severity": "LOW"
},
"details": "PuTTY 0.72 before 0.84 has a double free in RSA KEX.",
"id": "GHSA-c27j-mcjp-93gg",
"modified": "2026-05-26T13:30:50Z",
"published": "2026-05-26T13:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48850"
},
{
"type": "WEB",
"url": "https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html"
},
{
"type": "WEB",
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsakex-double-free.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-C27Q-JW2X-F8MW
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2023-01-19 18:30drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
{
"affected": [],
"aliases": [
"CVE-2019-15504"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-23T06:15:00Z",
"severity": "CRITICAL"
},
"details": "drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).",
"id": "GHSA-c27q-jw2x-f8mw",
"modified": "2023-01-19T18:30:21Z",
"published": "2022-05-24T16:54:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15504"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/20190819220230.10597-1-benquike@gmail.com"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K33554143"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K33554143?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4157-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4157-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2JM-2FX3-H7G6
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660.
{
"affected": [],
"aliases": [
"CVE-2018-0102"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-18T06:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660.",
"id": "GHSA-c2jm-2fx3-h7g6",
"modified": "2022-05-13T01:35:49Z",
"published": "2022-05-13T01:35:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0102"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102728"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040219"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2QF-PQ2Q-694F
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2018-8804"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-20T05:29:00Z",
"severity": "HIGH"
},
"details": "WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.",
"id": "GHSA-c2qf-pq2q-694f",
"modified": "2022-05-13T01:23:17Z",
"published": "2022-05-13T01:23:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8804"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1025"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103498"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C337-VG7C-WFQH
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
{
"affected": [],
"aliases": [
"CVE-2018-16402"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-03T19:29:00Z",
"severity": "CRITICAL"
},
"details": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.",
"id": "GHSA-c337-vg7c-wfqh",
"modified": "2022-05-13T01:04:42Z",
"published": "2022-05-13T01:04:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16402"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2197"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23528"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4012-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3C4-J5V2-Q687
Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-11-19 18:31In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix double put of request
If a netfs request finishes during the pause loop, it will have the ref that belongs to the IN_PROGRESS flag removed at that point - however, if it then goes to the final wait loop, that will also put the ref because it sees that the IN_PROGRESS flag is clear and incorrectly assumes that this happened when it called the collector.
In fact, since IN_PROGRESS is clear, we shouldn't call the collector again since it's done all the cleanup, such as calling ->ki_complete().
Fix this by making netfs_collect_in_app() just return, indicating that we're done if IN_PROGRESS is removed.
{
"affected": [],
"aliases": [
"CVE-2025-38411"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T14:15:32Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix double put of request\n\nIf a netfs request finishes during the pause loop, it will have the ref\nthat belongs to the IN_PROGRESS flag removed at that point - however, if it\nthen goes to the final wait loop, that will *also* put the ref because it\nsees that the IN_PROGRESS flag is clear and incorrectly assumes that this\nhappened when it called the collector.\n\nIn fact, since IN_PROGRESS is clear, we shouldn\u0027t call the collector again\nsince it\u0027s done all the cleanup, such as calling -\u003eki_complete().\n\nFix this by making netfs_collect_in_app() just return, indicating that\nwe\u0027re done if IN_PROGRESS is removed.",
"id": "GHSA-c3c4-j5v2-q687",
"modified": "2025-11-19T18:31:16Z",
"published": "2025-07-25T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38411"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9df7b5ebead649b00bf9a53a798e4bf83a1318fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d18facba5a5795ad44b2a00a052e3db2fa77ab12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3CW-C387-PJ65
Vulnerability from github – Published: 2021-08-25 20:43 – Updated: 2023-06-13 17:11Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees.
The flaw was corrected by wrapping elements inside queues in a ManuallyDrop.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "crossbeam"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-20996"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:24:34Z",
"nvd_published_at": "2019-08-26T18:15:11Z",
"severity": "CRITICAL"
},
"details": "Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees.\n\nThe flaw was corrected by wrapping elements inside queues in a ManuallyDrop.",
"id": "GHSA-c3cw-c387-pj65",
"modified": "2023-06-13T17:11:24Z",
"published": "2021-08-25T20:43:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20996"
},
{
"type": "WEB",
"url": "https://github.com/crossbeam-rs/crossbeam-epoch/issues/82"
},
{
"type": "PACKAGE",
"url": "https://github.com/crossbeam-rs/crossbeam-epoch"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2018-0009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in crossbeam"
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.