Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

965 vulnerabilities reference this CWE, most recent first.

GHSA-WCG5-6PC8-HJF5

Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34
VLAI
Details

Memory corruption due to double free in Core while mapping HLOS address to the list.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T08:15:11Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption due to double free in Core while mapping HLOS address to the list.",
  "id": "GHSA-wcg5-6pc8-hjf5",
  "modified": "2024-04-04T04:34:00Z",
  "published": "2023-06-06T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40507"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCVP-R8J8-47PC

Vulnerability from github – Published: 2021-09-01 18:30 – Updated: 2023-06-13 21:58
VLAI
Summary
Double free in toodee
Details

When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len() returned by the ExactSizeIterator.

This could result in elements in the array being freed twice if the iterator panics. Uninitialized or previously freed elements could also be exposed if the len() didn't match the number of elements.

These issues were fixed in commit ced70c17 by temporarily setting the length of the array smaller while processing it and adding assertions on the number of elements returned by the iterator.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "toodee"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-28028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-30T21:56:42Z",
    "nvd_published_at": "2021-03-05T09:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len() returned by the ExactSizeIterator.\n\nThis could result in elements in the array being freed twice if the iterator panics. Uninitialized or previously freed elements could also be exposed if the len() didn\u0027t match the number of elements.\n\nThese issues were fixed in commit `ced70c17` by temporarily setting the length of the array smaller while processing it and adding assertions on the number of elements returned by the iterator.",
  "id": "GHSA-wcvp-r8j8-47pc",
  "modified": "2023-06-13T21:58:19Z",
  "published": "2021-09-01T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28028"
    },
    {
      "type": "WEB",
      "url": "https://github.com/antonmarsden/toodee/issues/13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/antonmarsden/toodee/commit/ced70c172486fb4827c172cd8238053df3d1dcdb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/antonmarsden/toodee"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double free in toodee"
}

GHSA-WCWC-4CCJ-82RC

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue

After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old one and produce a BUG like this:

[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388). [ 46.535283] ------------[ cut here ]------------ [ 46.535284] kernel BUG at lib/list_debug.c:26! [ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1 [ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012 [ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f [ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1 [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286 [ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000 [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff [ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666 [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388 [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0 [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000 [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0 [ 46.687422] Call Trace: [ 46.689906] [ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm] [ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211] [ 46.702973] ? sta_info_get+0x46/0x60 [mac80211] [ 46.707703] ieee80211_tx+0xad/0x110 [mac80211] [ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211] ...

In order to avoid this problem, we must also remove the related lists when station queues are disabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:46Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n\nAfter successfull station association, if station queues are disabled for\nsome reason, the related lists are not emptied. So if some new element is\nadded to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old\none and produce a BUG like this:\n\n[   46.535263] list_add corruption. prev-\u003enext should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).\n[   46.535283] ------------[ cut here ]------------\n[   46.535284] kernel BUG at lib/list_debug.c:26!\n[   46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[   46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1\n[   46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN       , BIOS A07 08/24/2012\n[   46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f\n[   46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff \u003c0f\u003e 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1\n[   46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286\n[   46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000\n[   46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff\n[   46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666\n[   46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388\n[   46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0\n[   46.666108] FS:  00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000\n[   46.674331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0\n[   46.687422] Call Trace:\n[   46.689906]  \u003cTASK\u003e\n[   46.691950]  iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]\n[   46.697601]  ieee80211_queue_skb+0x4b3/0x720 [mac80211]\n[   46.702973]  ? sta_info_get+0x46/0x60 [mac80211]\n[   46.707703]  ieee80211_tx+0xad/0x110 [mac80211]\n[   46.712355]  __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]\n...\n\nIn order to avoid this problem, we must also remove the related lists when\nstation queues are disabled.",
  "id": "GHSA-wcwc-4ccj-82rc",
  "modified": "2025-11-18T21:32:28Z",
  "published": "2025-06-18T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50164"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14a3aacf517a9de725dd3219dbbcf741e31763c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/182d3c1385f44ba7c508bf5b1292a7fe96ad4e9e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/38d71acc15a2e72806b516380af0adb3830d4639"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a40af2b0b9517fca7ae2a030c9c0a16836303c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cca5f714fe6cedd2df9d8451ad8df21e6464f62"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff068c25bf90d26f0aee1751553f18076b797e8d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHX8-G4MC-7MCQ

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.",
  "id": "GHSA-whx8-g4mc-7mcq",
  "modified": "2022-05-24T17:40:17Z",
  "published": "2022-05-24T17:40:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36225"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9412"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210226-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212531"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/64"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/65"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJH8-MH8Q-QG7H

Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2022-08-23 00:00
VLAI
Details

A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-19T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.",
  "id": "GHSA-wjh8-mh8q-qg7h",
  "modified": "2022-08-23T00:00:18Z",
  "published": "2022-08-20T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27794"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/issues/16303"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/cb8b683758edddae2d2f62e8e63a738c39f92683"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMCM-X4V8-VF3R

Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31
VLAI
Details

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T17:15:34Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to improper parsing of\u0026nbsp;SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",
  "id": "GHSA-wmcm-x4v8-vf3r",
  "modified": "2025-08-14T18:31:29Z",
  "published": "2025-08-14T18:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20134"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMFF-45HX-Q83Q

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27
VLAI
Details

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-26T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.",
  "id": "GHSA-wmff-45hx-q83q",
  "modified": "2022-05-17T00:27:22Z",
  "published": "2022-05-17T00:27:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6912"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3777"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95843"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WR67-PP59-29QP

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-08 00:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netdev: fix double-free in netdev_nl_bind_rx_doit()

Sashiko flags that genlmsg_reply() always consumes the skb. The error path calls nlmsg_free(rsp) so we can't jump directly to it. Let's not unbind, just propagate the error to the user. This is the typical way of handling genlmsg_reply() failures. They shouldn't happen unless user does something silly like calling the kernel with an already-full rcvbuf.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:41Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: fix double-free in netdev_nl_bind_rx_doit()\n\nSashiko flags that genlmsg_reply() always consumes the skb.\nThe error path calls nlmsg_free(rsp) so we can\u0027t jump directly\nto it. Let\u0027s not unbind, just propagate the error to the user.\nThis is the typical way of handling genlmsg_reply() failures.\nThey shouldn\u0027t happen unless user does something silly like\ncalling the kernel with an already-full rcvbuf.",
  "id": "GHSA-wr67-pp59-29qp",
  "modified": "2026-07-08T00:37:52Z",
  "published": "2026-06-25T09:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53233"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b019376cbee10c4f9184d1745fa37d156e36f30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c299321bc6232770ce378d6fa6bc46004d2d7fdb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c849de7d8757a7af801fc4a4058f71d481d367f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e055ca9205d3eb6aec3e5fe4ecc18abbbf18c599"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRC6-3HF5-F858

Vulnerability from github – Published: 2025-06-03 21:30 – Updated: 2025-06-03 21:30
VLAI
Details

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, and 1380. A Double Free in the mobile processor leads to privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T19:15:38Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, and 1380. A Double Free in the mobile processor leads to privilege escalation.",
  "id": "GHSA-wrc6-3hf5-f858",
  "modified": "2025-06-03T21:30:37Z",
  "published": "2025-06-03T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23102"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23102"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVXJ-3GQ6-2MG4

Vulnerability from github – Published: 2026-04-30 09:30 – Updated: 2026-04-30 15:30
VLAI
Details

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T07:16:38Z",
    "severity": "MODERATE"
  },
  "details": "iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service",
  "id": "GHSA-wvxj-3gq6-2mg4",
  "modified": "2026-04-30T15:30:39Z",
  "published": "2026-04-30T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5657"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/21113"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21113"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2026-20.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.