Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

966 vulnerabilities reference this CWE, most recent first.

GHSA-H66H-VHXH-6FR4

Vulnerability from github – Published: 2023-11-15 21:35 – Updated: 2023-11-22 18:30
VLAI
Details

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-48013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-15T19:15:07Z",
    "severity": "HIGH"
  },
  "details": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.",
  "id": "GHSA-h66h-vhxh-6fr4",
  "modified": "2023-11-22T18:30:53Z",
  "published": "2023-11-15T21:35:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48013"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2612"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H69V-WWMX-68XJ

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-09-11 15:31
VLAI
Details

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.

We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:24Z",
    "severity": "HIGH"
  },
  "details": "A\u00a0double free vulnerability\u00a0has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.1.7.2770 build 20240520 and later\nQuTS hero h5.1.7.2770 build 20240520 and later",
  "id": "GHSA-h69v-wwmx-68xj",
  "modified": "2024-09-11T15:31:10Z",
  "published": "2024-05-21T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27127"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-24-23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6G2-742C-P38F

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix double free issue for tx spare buffer

In hns3_set_ringparam(), a temporary copy (tmp_rings) of the ring structure is created for rollback. However, the tx_spare pointer in the original ring handle is incorrectly left pointing to the old backup memory.

Later, if memory allocation fails in hns3_init_all_ring() during the setup, the error path attempts to free all newly allocated rings. Since tx_spare contains a stale (non-NULL) pointer from the backup, it is mistaken for a newly allocated buffer and is erroneously freed, leading to a double-free of the backup memory.

The root cause is that the tx_spare field was not cleared after its value was saved in tmp_rings, leaving a dangling pointer.

Fix this by setting tx_spare to NULL in the original ring structure when the creation of the new tx_spare fails. This ensures the error cleanup path only frees genuinely newly allocated buffers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:03Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix double free issue for tx spare buffer\n\nIn hns3_set_ringparam(), a temporary copy (tmp_rings) of the ring structure\nis created for rollback. However, the tx_spare pointer in the original\nring handle is incorrectly left pointing to the old backup memory.\n\nLater, if memory allocation fails in hns3_init_all_ring() during the setup,\nthe error path attempts to free all newly allocated rings. Since tx_spare\ncontains a stale (non-NULL) pointer from the backup, it is mistaken for\na newly allocated buffer and is erroneously freed, leading to a double-free\nof the backup memory.\n\nThe root cause is that the tx_spare field was not cleared after its value\nwas saved in tmp_rings, leaving a dangling pointer.\n\nFix this by setting tx_spare to NULL in the original ring structure\nwhen the creation of the new `tx_spare` fails. This ensures the\nerror cleanup path only frees genuinely newly allocated buffers.",
  "id": "GHSA-h6g2-742c-p38f",
  "modified": "2026-06-25T21:31:20Z",
  "published": "2026-05-27T15:33:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45891"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43015461662d41dcfb3bb95fadd8a2a42ad8eacf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d2f142b1e4b203387a92519d9d2e34752a79dbb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6dc10494cfe27b6f1e9adb7e293293ae39c50b7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3659273860bed0c8e573b865e3769abc51225a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2c785733dfb853ea0b53984c75662a1af230a94"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb6a4c376d454b425555b1b0bda36e99f56ec307"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdbccddb7e7822016601829f95de4008e193f7bc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H74G-Q6CF-5QXM

Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI
Details

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-28T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.",
  "id": "GHSA-h74g-q6cf-5qxm",
  "modified": "2022-04-30T00:02:14Z",
  "published": "2022-04-30T00:02:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1999"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Aug/13"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2019-02-01"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3979-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4495"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46357"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106851"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H848-FW25-HP2W

Vulnerability from github – Published: 2026-04-06 15:31 – Updated: 2026-04-06 21:31
VLAI
Details

A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-06T15:17:07Z",
    "severity": "MODERATE"
  },
  "details": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.",
  "id": "GHSA-h848-fw25-hp2w",
  "modified": "2026-04-06T21:31:34Z",
  "published": "2026-04-06T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rizinorg/rizin/issues/5753"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rizinorg/rizin/pull/5795"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8CP-PH26-XWMV

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2022-10-07 00:00
VLAI
Details

docker-credential-helpers before 0.6.3 has a double free in the List functions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1020014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-29T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "docker-credential-helpers before 0.6.3 has a double free in the List functions.",
  "id": "GHSA-h8cp-ph26-xwmv",
  "modified": "2022-10-07T00:00:52Z",
  "published": "2022-05-24T16:51:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1020014"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4103-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4103-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8GV-F7PF-7C4P

Vulnerability from github – Published: 2024-11-26 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T14:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133 and Thunderbird \u003c 133.",
  "id": "GHSA-h8gv-f7pf-7c4p",
  "modified": "2025-11-03T21:31:39Z",
  "published": "2024-11-26T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11704"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-63"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-67"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-09"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H94R-W24G-CP37

Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57
VLAI
Details

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-20T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.",
  "id": "GHSA-h94r-w24g-cp37",
  "modified": "2022-05-14T01:57:01Z",
  "published": "2022-05-14T01:57:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11982"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H9QJ-G5QJ-VG37

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31
VLAI
Details

Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.",
  "id": "GHSA-h9qj-g5qj-vg37",
  "modified": "2022-05-24T17:31:53Z",
  "published": "2022-05-24T17:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9747"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb20-61.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H9V3-M6CC-QPV3

Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26
VLAI
Details

Memory corruption due to double free in core while initializing the encryption key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-13T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption due to double free in core while initializing the encryption key.",
  "id": "GHSA-h9v3-m6cc-qpv3",
  "modified": "2024-04-04T03:26:39Z",
  "published": "2023-04-13T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33231"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.