CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-MHWJ-6QMW-WQ9V
Vulnerability from github – Published: 2022-05-14 01:48 – Updated: 2022-05-14 01:48In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468.
{
"affected": [],
"aliases": [
"CVE-2018-9356"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-06T17:29:00Z",
"severity": "CRITICAL"
},
"details": "In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468.",
"id": "GHSA-mhwj-6qmw-wq9v",
"modified": "2022-05-14T01:48:30Z",
"published": "2022-05-14T01:48:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9356"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-06-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104461"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ55-6P4Q-86F4
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
{
"affected": [],
"aliases": [
"CVE-2019-8635"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-18T18:15:00Z",
"severity": "HIGH"
},
"details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.",
"id": "GHSA-mj55-6p4q-86f4",
"modified": "2022-05-24T17:04:22Z",
"published": "2022-05-24T17:04:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8635"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210119"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJFV-Q5WP-VG8F
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Memory corruption while processing multiple simultaneous escape calls.
{
"affected": [],
"aliases": [
"CVE-2025-27046"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T13:15:31Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing multiple simultaneous escape calls.",
"id": "GHSA-mjfv-q5wp-vg8f",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27046"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MM54-95HQ-F739
Vulnerability from github – Published: 2022-05-14 00:59 – Updated: 2022-05-14 00:59A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
{
"affected": [],
"aliases": [
"CVE-2019-3829"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-27T18:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.",
"id": "GHSA-mm54-95hq-f739",
"modified": "2022-05-14T00:59:49Z",
"published": "2022-05-14T00:59:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3829"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnutls/gnutls/issues/694"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190619-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3999-1"
},
{
"type": "WEB",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MM7V-VPV8-XFC3
Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 20:57Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "smallvec"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.5"
},
{
"fixed": "0.6.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-15551"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:22:23Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.",
"id": "GHSA-mm7v-vpv8-xfc3",
"modified": "2023-06-13T20:57:37Z",
"published": "2021-08-25T20:44:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15551"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/issues/148"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/issues/149"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/commit/c20cfa8584e649f00dc0767ab6fad63a3f59a296"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/commit/f96322b9243405cc82701cc73f1b19313b413ab4"
},
{
"type": "PACKAGE",
"url": "https://github.com/servo/rust-smallvec"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in smallvec"
}
GHSA-MMJC-3G2P-897M
Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-02-02 15:30Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
{
"affected": [],
"aliases": [
"CVE-2003-0545"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-11-17T05:00:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.",
"id": "GHSA-mmjc-3g2p-897m",
"modified": "2024-02-02T15:30:25Z",
"published": "2022-04-29T01:26:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0545"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22249"
},
{
"type": "WEB",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"type": "WEB",
"url": "http://www.cert.org/advisories/CA-2003-26.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-394"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/8732"
},
{
"type": "WEB",
"url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/3900"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMXR-6344-9FV5
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
{
"affected": [],
"aliases": [
"CVE-2017-7521"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-27T13:29:00Z",
"severity": "MODERATE"
},
"details": "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().",
"id": "GHSA-mmxr-6344-9fv5",
"modified": "2022-05-13T01:47:00Z",
"published": "2022-05-13T01:47:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7521"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3900"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99230"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038768"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP7X-6P2G-HMWV
Vulnerability from github – Published: 2023-12-13 09:30 – Updated: 2023-12-13 09:30A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
{
"affected": [],
"aliases": [
"CVE-2023-41678"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T07:15:17Z",
"severity": "HIGH"
},
"details": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.",
"id": "GHSA-mp7x-6p2g-hmwv",
"modified": "2023-12-13T09:30:32Z",
"published": "2023-12-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41678"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-196"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPJJ-M3FM-3JJF
Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-05-27 06:30The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-40572"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.",
"id": "GHSA-mpjj-m3fm-3jjf",
"modified": "2023-05-27T06:30:38Z",
"published": "2022-01-14T00:02:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40572"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1893"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPWP-WHHG-QQX4
Vulnerability from github – Published: 2026-01-26 18:31 – Updated: 2026-01-26 21:30A Double Free in XSLT show_index has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-57785"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-26T18:16:27Z",
"severity": "MODERATE"
},
"details": "A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.",
"id": "GHSA-mpwp-whhg-qqx4",
"modified": "2026-01-26T21:30:36Z",
"published": "2026-01-26T18:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57785"
},
{
"type": "WEB",
"url": "https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/xslt.c?ref_type=heads#L675"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.