CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-F49C-87JH-G47Q
Vulnerability from github – Published: 2023-03-24 21:53 – Updated: 2023-03-27 21:23Impact
nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 require the first and fourth elements of their parameter pooling_ratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported.
import tensorflow as tf
import os
import numpy as np
from tensorflow.python.ops import nn_ops
try:
arg_0_tensor = tf.random.uniform([3, 30, 50, 3], dtype=tf.float64)
arg_0 = tf.identity(arg_0_tensor)
arg_1_0 = 2
arg_1_1 = 3
arg_1_2 = 1
arg_1_3 = 1
arg_1 = [arg_1_0,arg_1_1,arg_1_2,arg_1_3,]
arg_2 = True
arg_3 = True
seed = 341261001
out = nn_ops.fractional_avg_pool_v2(arg_0,arg_1,arg_2,arg_3,seed=seed,)
except Exception as e:
print("Error:"+str(e))
Patches
We have patched the issue in GitHub commit ee50d1e00f81f62a4517453f721c634bbb478307.
The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability was reported by dmc1778, of nimashiri2012@gmail.com.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25801"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-24T21:53:49Z",
"nvd_published_at": "2023-03-25T00:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n`nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\n\n```python\nimport tensorflow as tf\nimport os\nimport numpy as np\nfrom tensorflow.python.ops import nn_ops\ntry:\n arg_0_tensor = tf.random.uniform([3, 30, 50, 3], dtype=tf.float64)\n arg_0 = tf.identity(arg_0_tensor)\n arg_1_0 = 2\n arg_1_1 = 3\n arg_1_2 = 1\n arg_1_3 = 1\n arg_1 = [arg_1_0,arg_1_1,arg_1_2,arg_1_3,]\n arg_2 = True\n arg_3 = True\n seed = 341261001\n out = nn_ops.fractional_avg_pool_v2(arg_0,arg_1,arg_2,arg_3,seed=seed,)\nexcept Exception as e:\n print(\"Error:\"+str(e))\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ee50d1e00f81f62a4517453f721c634bbb478307](https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307).\n\nThe fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability was reported by [dmc1778](https://github.com/dmc1778), of [nimashiri2012@gmail.com](mailto:nimashiri2012@gmail.com).\n",
"id": "GHSA-f49c-87jh-g47q",
"modified": "2023-03-27T21:23:48Z",
"published": "2023-03-24T21:53:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25801"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow has double free in Fractional(Max/Avg)Pool"
}
GHSA-F558-FW4F-VM2C
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-08-19 18:32In the Linux kernel, the following vulnerability has been resolved:
selinux: fix double free of cond_list on error paths
On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref. Fix this by resetting the cond_list_len to 0 in cond_list_destroy(), making subsequent calls a noop.
Also consistently reset the cond_list pointer to NULL after freeing.
[PM: fix line lengths in the description]
{
"affected": [],
"aliases": [
"CVE-2022-48740"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:12Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix double free of cond_list on error paths\n\nOn error path from cond_read_list() and duplicate_policydb_cond_list()\nthe cond_list_destroy() gets called a second time in caller functions,\nresulting in NULL pointer deref. Fix this by resetting the\ncond_list_len to 0 in cond_list_destroy(), making subsequent calls a\nnoop.\n\nAlso consistently reset the cond_list pointer to NULL after freeing.\n\n[PM: fix line lengths in the description]",
"id": "GHSA-f558-fw4f-vm2c",
"modified": "2024-08-19T18:32:03Z",
"published": "2024-06-20T12:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48740"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/186edf7e368c40d06cf727a1ad14698ea67b74ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70caa32e6d81f45f0702070c0e4dfe945e92fbd7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ed9cbf7ac0d4ed86b356e1b944304ae9ee450d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f446089a268c8fc6908488e991d28a9b936293db"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F6M2-5V5J-RHF2
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
{
"affected": [],
"aliases": [
"CVE-2019-17545"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-14T02:15:00Z",
"severity": "HIGH"
},
"details": "GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.",
"id": "GHSA-f6m2-5v5j-rhf2",
"modified": "2022-05-24T16:58:44Z",
"published": "2022-05-24T16:58:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17545"
},
{
"type": "WEB",
"url": "https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F6R7-G7PJ-VHJX
Vulnerability from github – Published: 2022-05-01 01:53 – Updated: 2024-02-02 15:30Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
{
"affected": [],
"aliases": [
"CVE-2005-0891"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-05-02T04:00:00Z",
"severity": "MODERATE"
},
"details": "Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.",
"id": "GHSA-f6r7-g7pj-vhjx",
"modified": "2024-02-02T15:30:26Z",
"published": "2022-05-01T01:53:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0891"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9710"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000958"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17657"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-343.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-344.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/419771/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/12950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F74F-9CFW-P3XJ
Vulnerability from github – Published: 2022-05-02 03:26 – Updated: 2024-10-21 18:30Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2009-1544"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-08-12T17:30:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka \"Workstation Service Memory Corruption Vulnerability.\"",
"id": "GHSA-f74f-9cfw-p3xj",
"modified": "2024-10-21T18:30:41Z",
"published": "2022-05-02T03:26:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1544"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F77R-RQC9-53HH
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2025-10-22 00:31Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
{
"affected": [],
"aliases": [
"CVE-2020-6820"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-24T16:15:00Z",
"severity": "MODERATE"
},
"details": "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox \u003c 74.0.1, and Firefox ESR \u003c 68.6.1.",
"id": "GHSA-f77r-rqc9-53hh",
"modified": "2025-10-22T00:31:53Z",
"published": "2022-05-24T17:16:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6820"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1626728"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4335-1"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6820"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-11"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F7HP-QCV4-6W2Q
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
{
"affected": [],
"aliases": [
"CVE-2023-44247"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:15:20Z",
"severity": "MODERATE"
},
"details": "A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.",
"id": "GHSA-f7hp-qcv4-6w2q",
"modified": "2024-05-14T18:31:02Z",
"published": "2024-05-14T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44247"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F8JG-RGWG-CPJG
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-11 03:30A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2022-43454"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T20:15:13Z",
"severity": "HIGH"
},
"details": "A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-f8jg-rgwg-cpjg",
"modified": "2025-03-11T03:30:49Z",
"published": "2025-03-10T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43454"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/102741"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/102807"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/102808"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/102836"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCV2-47VF-J6HQ
Vulnerability from github – Published: 2022-05-17 02:58 – Updated: 2022-05-17 02:58An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2016-8360"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-13T21:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code.",
"id": "GHSA-fcv2-47vf-j6hq",
"modified": "2022-05-17T02:58:50Z",
"published": "2022-05-17T02:58:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8360"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94394"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FFCQ-3472-R63J
Vulnerability from github – Published: 2024-06-25 03:31 – Updated: 2024-07-03 18:46A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
{
"affected": [],
"aliases": [
"CVE-2024-23141"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T02:15:11Z",
"severity": "HIGH"
},
"details": "A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.",
"id": "GHSA-ffcq-3472-r63j",
"modified": "2024-07-03T18:46:47Z",
"published": "2024-06-25T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23141"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.