CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
966 vulnerabilities reference this CWE, most recent first.
GHSA-H66H-VHXH-6FR4
Vulnerability from github – Published: 2023-11-15 21:35 – Updated: 2023-11-22 18:30GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
{
"affected": [],
"aliases": [
"CVE-2023-48013"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-15T19:15:07Z",
"severity": "HIGH"
},
"details": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.",
"id": "GHSA-h66h-vhxh-6fr4",
"modified": "2023-11-22T18:30:53Z",
"published": "2023-11-15T21:35:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48013"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2612"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H69V-WWMX-68XJ
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-09-11 15:31A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.
We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
{
"affected": [],
"aliases": [
"CVE-2024-27127"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:24Z",
"severity": "HIGH"
},
"details": "A\u00a0double free vulnerability\u00a0has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.1.7.2770 build 20240520 and later\nQuTS hero h5.1.7.2770 build 20240520 and later",
"id": "GHSA-h69v-wwmx-68xj",
"modified": "2024-09-11T15:31:10Z",
"published": "2024-05-21T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27127"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-24-23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H6G2-742C-P38F
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix double free issue for tx spare buffer
In hns3_set_ringparam(), a temporary copy (tmp_rings) of the ring structure is created for rollback. However, the tx_spare pointer in the original ring handle is incorrectly left pointing to the old backup memory.
Later, if memory allocation fails in hns3_init_all_ring() during the setup, the error path attempts to free all newly allocated rings. Since tx_spare contains a stale (non-NULL) pointer from the backup, it is mistaken for a newly allocated buffer and is erroneously freed, leading to a double-free of the backup memory.
The root cause is that the tx_spare field was not cleared after its value was saved in tmp_rings, leaving a dangling pointer.
Fix this by setting tx_spare to NULL in the original ring structure
when the creation of the new tx_spare fails. This ensures the
error cleanup path only frees genuinely newly allocated buffers.
{
"affected": [],
"aliases": [
"CVE-2026-45891"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:03Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix double free issue for tx spare buffer\n\nIn hns3_set_ringparam(), a temporary copy (tmp_rings) of the ring structure\nis created for rollback. However, the tx_spare pointer in the original\nring handle is incorrectly left pointing to the old backup memory.\n\nLater, if memory allocation fails in hns3_init_all_ring() during the setup,\nthe error path attempts to free all newly allocated rings. Since tx_spare\ncontains a stale (non-NULL) pointer from the backup, it is mistaken for\na newly allocated buffer and is erroneously freed, leading to a double-free\nof the backup memory.\n\nThe root cause is that the tx_spare field was not cleared after its value\nwas saved in tmp_rings, leaving a dangling pointer.\n\nFix this by setting tx_spare to NULL in the original ring structure\nwhen the creation of the new `tx_spare` fails. This ensures the\nerror cleanup path only frees genuinely newly allocated buffers.",
"id": "GHSA-h6g2-742c-p38f",
"modified": "2026-06-25T21:31:20Z",
"published": "2026-05-27T15:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45891"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43015461662d41dcfb3bb95fadd8a2a42ad8eacf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d2f142b1e4b203387a92519d9d2e34752a79dbb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6dc10494cfe27b6f1e9adb7e293293ae39c50b7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3659273860bed0c8e573b865e3769abc51225a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2c785733dfb853ea0b53984c75662a1af230a94"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb6a4c376d454b425555b1b0bda36e99f56ec307"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdbccddb7e7822016601829f95de4008e193f7bc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H74G-Q6CF-5QXM
Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
{
"affected": [],
"aliases": [
"CVE-2019-1999"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-28T17:29:00Z",
"severity": "HIGH"
},
"details": "In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.",
"id": "GHSA-h74g-q6cf-5qxm",
"modified": "2022-04-30T00:02:14Z",
"published": "2022-04-30T00:02:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1999"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/13"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3979-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46357"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106851"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H848-FW25-HP2W
Vulnerability from github – Published: 2026-04-06 15:31 – Updated: 2026-04-06 21:31A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.
{
"affected": [],
"aliases": [
"CVE-2026-31053"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T15:17:07Z",
"severity": "MODERATE"
},
"details": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.",
"id": "GHSA-h848-fw25-hp2w",
"modified": "2026-04-06T21:31:34Z",
"published": "2026-04-06T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31053"
},
{
"type": "WEB",
"url": "https://github.com/rizinorg/rizin/issues/5753"
},
{
"type": "WEB",
"url": "https://github.com/rizinorg/rizin/pull/5795"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H8CP-PH26-XWMV
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2022-10-07 00:00docker-credential-helpers before 0.6.3 has a double free in the List functions.
{
"affected": [],
"aliases": [
"CVE-2019-1020014"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-29T13:15:00Z",
"severity": "MODERATE"
},
"details": "docker-credential-helpers before 0.6.3 has a double free in the List functions.",
"id": "GHSA-h8cp-ph26-xwmv",
"modified": "2022-10-07T00:00:52Z",
"published": "2022-05-24T16:51:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1020014"
},
{
"type": "WEB",
"url": "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a"
},
{
"type": "WEB",
"url": "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4103-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4103-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H8GV-F7PF-7C4P
Vulnerability from github – Published: 2024-11-26 15:31 – Updated: 2025-11-03 21:31A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
{
"affected": [],
"aliases": [
"CVE-2024-11704"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T14:15:19Z",
"severity": "CRITICAL"
},
"details": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133 and Thunderbird \u003c 133.",
"id": "GHSA-h8gv-f7pf-7c4p",
"modified": "2025-11-03T21:31:39Z",
"published": "2024-11-26T15:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11704"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-09"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H94R-W24G-CP37
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.
{
"affected": [],
"aliases": [
"CVE-2018-11982"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-20T13:29:00Z",
"severity": "HIGH"
},
"details": "In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.",
"id": "GHSA-h94r-w24g-cp37",
"modified": "2022-05-14T01:57:01Z",
"published": "2022-05-14T01:57:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11982"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H9QJ-G5QJ-VG37
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
{
"affected": [],
"aliases": [
"CVE-2020-9747"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-21T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.",
"id": "GHSA-h9qj-g5qj-vg37",
"modified": "2022-05-24T17:31:53Z",
"published": "2022-05-24T17:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9747"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/animate/apsb20-61.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H9V3-M6CC-QPV3
Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26Memory corruption due to double free in core while initializing the encryption key.
{
"affected": [],
"aliases": [
"CVE-2022-33231"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption due to double free in core while initializing the encryption key.",
"id": "GHSA-h9v3-m6cc-qpv3",
"modified": "2024-04-04T03:26:39Z",
"published": "2023-04-13T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33231"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.