CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
965 vulnerabilities reference this CWE, most recent first.
GHSA-R883-XFPJ-RCW8
Vulnerability from github – Published: 2025-10-15 18:31 – Updated: 2025-10-15 18:31When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-61990"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T16:15:35Z",
"severity": "HIGH"
},
"details": "When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-r883-xfpj-rcw8",
"modified": "2025-10-15T18:31:51Z",
"published": "2025-10-15T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61990"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000156912"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R9G8-36P4-9GGJ
Vulnerability from github – Published: 2022-05-14 03:53 – Updated: 2022-05-14 03:53The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-15316"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-22T17:29:00Z",
"severity": "HIGH"
},
"details": "The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.",
"id": "GHSA-r9g8-36p4-9ggj",
"modified": "2022-05-14T03:53:41Z",
"published": "2022-05-14T03:53:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15316"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R9HW-J2QR-6M8C
Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2022-05-14 03:46A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
{
"affected": [],
"aliases": [
"CVE-2017-1000231"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-17T04:29:00Z",
"severity": "CRITICAL"
},
"details": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.",
"id": "GHSA-r9hw-j2qr-6m8c",
"modified": "2022-05-14T03:46:35Z",
"published": "2022-05-14T03:46:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000231"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"type": "WEB",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC8C-94M4-FRFH
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30In the Linux kernel, the following vulnerability has been resolved:
smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()
smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list.
{
"affected": [],
"aliases": [
"CVE-2026-31609"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:40Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()\n\nsmbd_send_batch_flush() already calls smbd_free_send_io(),\nso we should not call it again after smbd_post_send()\nmoved it to the batch list.",
"id": "GHSA-rc8c-94m4-frfh",
"modified": "2026-04-27T15:30:45Z",
"published": "2026-04-24T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31609"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22b7c1c619d808aec4cad3dc42103345e370d107"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27b7c3e916218b5eb2ee350211140e961bfc49be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9940dcbe5cb92482c04efc7341039ddf7dbf607"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9a162c2bbcd0ac85bd07c5b37cf20286048b65c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCCQ-J2M7-8FWR
Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2023-06-13 18:19A double free can occur in remove_set upon a panic in a Drop impl. When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "id-map"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-30457"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:04:15Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "A double free can occur in remove_set upon a panic in a Drop impl. When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.",
"id": "GHSA-rccq-j2m7-8fwr",
"modified": "2023-06-13T18:19:30Z",
"published": "2021-08-25T20:55:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30457"
},
{
"type": "WEB",
"url": "https://github.com/andrewhickman/id-map/issues/3"
},
{
"type": "PACKAGE",
"url": "https://github.com/andrewhickman/id-map"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0052.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double-free in id-map"
}
GHSA-RCG7-HR56-WCC7
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1888"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T06:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-rcg7-hr56-wcc7",
"modified": "2022-05-24T19:07:47Z",
"published": "2022-05-24T19:07:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1888"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RCRF-PFQG-HXMM
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:53There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2019-5219"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-06T15:29:00Z",
"severity": "MODERATE"
},
"details": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.",
"id": "GHSA-rcrf-pfqg-hxmm",
"modified": "2024-04-04T00:53:36Z",
"published": "2022-05-24T16:47:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5219"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCWQ-9VJV-M77W
Vulnerability from github – Published: 2023-01-09 09:30 – Updated: 2023-01-13 03:30Memory corruption in display due to double free while allocating frame buffer memory
{
"affected": [],
"aliases": [
"CVE-2022-25717"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-09T08:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in display due to double free while allocating frame buffer memory",
"id": "GHSA-rcwq-9vjv-m77w",
"modified": "2023-01-13T03:30:19Z",
"published": "2023-01-09T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25717"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF87-XM6Q-RWXC
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
{
"affected": [],
"aliases": [
"CVE-2017-9287"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-29T16:29:00Z",
"severity": "MODERATE"
},
"details": "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.",
"id": "GHSA-rf87-xm6q-rwxc",
"modified": "2022-05-13T01:01:03Z",
"published": "2022-05-13T01:01:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1852"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/863563"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3868"
},
{
"type": "WEB",
"url": "http://www.openldap.org/its/?findid=8655"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98736"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038591"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF9X-3287-7X74
Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2022-05-17 00:16The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-8141"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-22T19:29:00Z",
"severity": "HIGH"
},
"details": "The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.",
"id": "GHSA-rf9x-3287-7x74",
"modified": "2022-05-17T00:16:44Z",
"published": "2022-05-17T00:16:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8141"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-smartphone-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.