CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
966 vulnerabilities reference this CWE, most recent first.
GHSA-QC4M-GC8R-MG8M
Vulnerability from github – Published: 2021-08-25 20:48 – Updated: 2021-08-19 20:56An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "alpm-rs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35885"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T20:56:12Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.",
"id": "GHSA-qc4m-gc8r-mg8m",
"modified": "2021-08-19T20:56:12Z",
"published": "2021-08-25T20:48:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35885"
},
{
"type": "WEB",
"url": "https://github.com/pigeonhands/rust-arch/issues/2"
},
{
"type": "PACKAGE",
"url": "https://github.com/BahNahNah/rust-arch/tree/master/alpm-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0032.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in alpm-rs"
}
GHSA-QCM3-Q3PJ-VW39
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:01Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2004-0772"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-10-20T04:00:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.",
"id": "GHSA-qcm3-q3pj-vw39",
"modified": "2025-04-03T04:01:28Z",
"published": "2022-04-29T02:58:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0772"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17158"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=109508872524753\u0026w=2"
},
{
"type": "WEB",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2004/dsa-543"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/350792"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:088"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/11078"
},
{
"type": "WEB",
"url": "http://www.trustix.net/errata/2004/0045"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QCV4-8QFQ-9W76
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32Windows Direct Show Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21291"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:50Z",
"severity": "HIGH"
},
"details": "Windows Direct Show Remote Code Execution Vulnerability",
"id": "GHSA-qcv4-8qfq-9w76",
"modified": "2025-01-14T18:32:04Z",
"published": "2025-01-14T18:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21291"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QCX9-4FJ7-JF29
Vulnerability from github – Published: 2026-04-01 09:31 – Updated: 2026-04-18 09:30In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix double free of ns_name in aa_replace_profiles()
if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name);
and if ent->ns_name contains an ns_name in 1089 } else if (ent->ns_name) {
then ns_name is assigned the ent->ns_name 1095 ns_name = ent->ns_name;
however ent->ns_name is freed at 1262 aa_load_ent_free(ent);
and then again when freeing ns_name at 1270 kfree(ns_name);
Fix this by NULLing out ent->ns_name after it is transferred to ns_name
")
{
"affected": [],
"aliases": [
"CVE-2026-23408"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T09:16:16Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix double free of ns_name in aa_replace_profiles()\n\nif ns_name is NULL after\n1071 error = aa_unpack(udata, \u0026lh, \u0026ns_name);\n\nand if ent-\u003ens_name contains an ns_name in\n1089 } else if (ent-\u003ens_name) {\n\nthen ns_name is assigned the ent-\u003ens_name\n1095 ns_name = ent-\u003ens_name;\n\nhowever ent-\u003ens_name is freed at\n1262 aa_load_ent_free(ent);\n\nand then again when freeing ns_name at\n1270 kfree(ns_name);\n\nFix this by NULLing out ent-\u003ens_name after it is transferred to ns_name\n\n\")",
"id": "GHSA-qcx9-4fj7-jf29",
"modified": "2026-04-18T09:30:19Z",
"published": "2026-04-01T09:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23408"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18b5233e860c294a847ee07869d93c0b8673a54b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35f4caec1352054b9a61cfdf2bf1898073637aa0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55ef2af7490aaf72f8ffe11ec44c6bcb7eb2162a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5df0c44e8f5f619d3beb871207aded7c78414502"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7998ab3010d2317643f91828f1853d954ef31387"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86feeccd6b93ed94bd6655f30de80f163f8d5a45"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c053ae381ce227577567d1ef10090ce7506d7a28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6347a2116ecccb8fd9ee4ebc75ae41d1d7ef689"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF22-W2VM-6C9M
Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.
{
"affected": [],
"aliases": [
"CVE-2025-20772"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T03:16:18Z",
"severity": "MODERATE"
},
"details": "In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.",
"id": "GHSA-qf22-w2vm-6c9m",
"modified": "2025-12-02T15:30:31Z",
"published": "2025-12-02T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20772"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFC5-MCWQ-26Q8
Vulnerability from github – Published: 2020-03-12 17:02 – Updated: 2024-10-21 21:03psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.6.5"
},
"package": {
"ecosystem": "PyPI",
"name": "psutil"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.6.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-18874"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2020-03-12T17:02:28Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.",
"id": "GHSA-qfc5-mcwq-26q8",
"modified": "2024-10-21T21:03:36Z",
"published": "2020-03-12T17:02:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18874"
},
{
"type": "WEB",
"url": "https://github.com/giampaolo/psutil/pull/1616"
},
{
"type": "WEB",
"url": "https://github.com/giampaolo/psutil/commit/7d512c8e4442a896d56505be3e78f1156f443465"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qfc5-mcwq-26q8"
},
{
"type": "PACKAGE",
"url": "https://github.com/giampaolo/psutil"
},
{
"type": "WEB",
"url": "https://github.com/giampaolo/psutil/blob/master/HISTORY.rst#566"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/psutil/PYSEC-2019-41.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4204-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Double Free in psutil"
}
GHSA-QGC6-G85M-P5FG
Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.
{
"affected": [],
"aliases": [
"CVE-2022-36234"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-28T23:15:00Z",
"severity": "HIGH"
},
"details": "SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.",
"id": "GHSA-qgc6-g85m-p5fg",
"modified": "2022-08-05T00:00:24Z",
"published": "2022-07-29T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36234"
},
{
"type": "WEB",
"url": "https://github.com/kashimAstro/SimpleNetwork/issues/22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QJ5H-583M-QH6V
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
{
"affected": [],
"aliases": [
"CVE-2021-36080"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-01T03:15:00Z",
"severity": "HIGH"
},
"details": "GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).",
"id": "GHSA-qj5h-583m-qh6v",
"modified": "2022-05-24T19:06:45Z",
"published": "2022-05-24T19:06:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36080"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/commit/9b6e0ff9ef02818df034fc42c3bd149a5ff89342"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31724"
},
{
"type": "WEB",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-495.yaml"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QM6R-96CC-Q36W
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-11 09:30In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Completely fix fcport double free
In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when kref_put() releases the first and the last reference.
qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport(). Doing it one more time after kref_put() is a bad idea.
{
"affected": [],
"aliases": [
"CVE-2026-43414"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:53Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Completely fix fcport double free\n\nIn qla24xx_els_dcmd_iocb() sp-\u003efree is set to qla2x00_els_dcmd_sp_free().\nWhen an error happens, this function is called by qla2x00_sp_release(),\nwhen kref_put() releases the first and the last reference.\n\nqla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport().\nDoing it one more time after kref_put() is a bad idea.",
"id": "GHSA-qm6r-96cc-q36w",
"modified": "2026-05-11T09:30:31Z",
"published": "2026-05-08T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43414"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0b7da13a04bd70ef6070bfb9ea85f582294560a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d48ea85463f5b34f7b92ea0a13eddf1ab993da7b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM7Q-X8GP-F7M8
Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2022-05-17 01:57Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2017-12858"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-23T14:29:00Z",
"severity": "CRITICAL"
},
"details": "Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.",
"id": "GHSA-qm7q-x8gp-f7m8",
"modified": "2022-05-17T01:57:26Z",
"published": "2022-05-17T01:57:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12858"
},
{
"type": "WEB",
"url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100459"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.