Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

967 vulnerabilities reference this CWE, most recent first.

GHSA-CJQ9-CHQC-G9RX

Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30
VLAI
Details

Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-cjq9-chqc-g9rx",
  "modified": "2024-11-12T21:30:54Z",
  "published": "2024-11-12T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47426"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM86-4H8Q-3P8F

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-14 00:02
VLAI
Details

There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "HIGH"
  },
  "details": "There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.",
  "id": "GHSA-cm86-4h8q-3p8f",
  "modified": "2022-01-14T00:02:44Z",
  "published": "2022-01-11T00:01:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40038"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/1"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CMRR-H89W-FC55

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-4343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-14T05:01:00Z",
    "severity": "HIGH"
  },
  "details": "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.",
  "id": "GHSA-cmrr-h89w-fc55",
  "modified": "2022-05-13T01:28:50Z",
  "published": "2022-05-13T01:28:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4343"
    },
    {
      "type": "WEB",
      "url": "https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121876"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95211"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0345.html"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc"
    },
    {
      "type": "WEB",
      "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7969"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59102"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60082"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60448"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61052"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3000"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/109390"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69159"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030706"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CPCP-G87H-G6H3

Vulnerability from github – Published: 2021-11-25 00:00 – Updated: 2021-11-28 00:00
VLAI
Details

An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-24T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.",
  "id": "GHSA-cpcp-g87h-g6h3",
  "modified": "2021-11-28T00:00:22Z",
  "published": "2021-11-25T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43268"
    },
    {
      "type": "WEB",
      "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2021-43268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CPRX-2QP7-3RGM

Vulnerability from github – Published: 2022-05-14 01:03 – Updated: 2022-05-14 01:03
VLAI
Details

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-0058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-11T03:01:00Z",
    "severity": "HIGH"
  },
  "details": "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka \"Windows Cursor Object Double Free Vulnerability.\"",
  "id": "GHSA-cprx-2qp7-3rgm",
  "modified": "2022-05-14T01:03:13Z",
  "published": "2022-05-14T01:03:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0058"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100432"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72468"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CQJP-8GG8-RWV9

Vulnerability from github – Published: 2025-08-12 21:31 – Updated: 2025-08-12 21:31
VLAI
Details

A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-45584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T19:15:27Z",
    "severity": "MODERATE"
  },
  "details": "A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.",
  "id": "GHSA-cqjp-8gg8-rwv9",
  "modified": "2025-08-12T21:31:20Z",
  "published": "2025-08-12T21:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45584"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRFX-F3QH-PFJ6

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330",
  "id": "GHSA-crfx-f3qh-pfj6",
  "modified": "2022-05-24T17:47:12Z",
  "published": "2022-05-24T17:47:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0437"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CRJM-8W39-C276

Vulnerability from github – Published: 2023-12-14 06:30 – Updated: 2025-11-04 21:30
VLAI
Details

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49937"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T05:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.",
  "id": "GHSA-crjm-8w39-c276",
  "modified": "2025-11-04T21:30:52Z",
  "published": "2023-12-14T06:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49937"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO"
    },
    {
      "type": "WEB",
      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"
    },
    {
      "type": "WEB",
      "url": "https://www.schedmd.com/security-archive.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CV6V-Q3QG-36VR

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34
VLAI
Details

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T18:16:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-cv6v-q3qg-36vr",
  "modified": "2025-04-08T18:34:52Z",
  "published": "2025-04-08T18:34:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27730"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27730"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CV7X-6RC6-PQ5V

Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2023-06-13 17:00
VLAI
Summary
Double free in containers
Details

Upon panic in a user-provided function f, fn mutate() & fn mutate2 drops twice a same object.

Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read().

Dropping a same object can result in memory corruption.

The flaw was corrected in version "0.9.11" by fixing the code to abort upon panic.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "containers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25907"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:40:39Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Upon panic in a user-provided function f, fn mutate() \u0026 fn mutate2 drops twice a same object.\n\nAffected versions of this crate did not guard against double drop while temporarily duplicating an object\u0027s ownership with ptr::read().\n\nDropping a same object can result in memory corruption.\n\nThe flaw was corrected in version \"0.9.11\" by fixing the code to abort upon panic.",
  "id": "GHSA-cv7x-6rc6-pq5v",
  "modified": "2023-06-13T17:00:36Z",
  "published": "2021-08-25T20:53:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25907"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strake/containers.rs/issues/2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/strake/containers.rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double free in containers"
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.