Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

966 vulnerabilities reference this CWE, most recent first.

GHSA-QC4M-GC8R-MG8M

Vulnerability from github – Published: 2021-08-25 20:48 – Updated: 2021-08-19 20:56
VLAI
Summary
Double free in alpm-rs
Details

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "alpm-rs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T20:56:12Z",
    "nvd_published_at": "2020-12-31T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.",
  "id": "GHSA-qc4m-gc8r-mg8m",
  "modified": "2021-08-19T20:56:12Z",
  "published": "2021-08-25T20:48:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35885"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pigeonhands/rust-arch/issues/2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/BahNahNah/rust-arch/tree/master/alpm-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0032.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double free in alpm-rs"
}

GHSA-QCM3-Q3PJ-VW39

Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:01
VLAI
Details

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-0772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-10-20T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.",
  "id": "GHSA-qcm3-q3pj-vw39",
  "modified": "2025-04-03T04:01:28Z",
  "published": "2022-04-29T02:58:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0772"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17158"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=109508872524753\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-543"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/350792"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:088"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11078"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.net/errata/2004/0045"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCV4-8QFQ-9W76

Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-01-14 18:32
VLAI
Details

Windows Direct Show Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T18:15:50Z",
    "severity": "HIGH"
  },
  "details": "Windows Direct Show Remote Code Execution Vulnerability",
  "id": "GHSA-qcv4-8qfq-9w76",
  "modified": "2025-01-14T18:32:04Z",
  "published": "2025-01-14T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21291"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCX9-4FJ7-JF29

Vulnerability from github – Published: 2026-04-01 09:31 – Updated: 2026-04-18 09:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: Fix double free of ns_name in aa_replace_profiles()

if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name);

and if ent->ns_name contains an ns_name in 1089 } else if (ent->ns_name) {

then ns_name is assigned the ent->ns_name 1095 ns_name = ent->ns_name;

however ent->ns_name is freed at 1262 aa_load_ent_free(ent);

and then again when freeing ns_name at 1270 kfree(ns_name);

Fix this by NULLing out ent->ns_name after it is transferred to ns_name

")

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-01T09:16:16Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix double free of ns_name in aa_replace_profiles()\n\nif ns_name is NULL after\n1071         error = aa_unpack(udata, \u0026lh, \u0026ns_name);\n\nand if ent-\u003ens_name contains an ns_name in\n1089                 } else if (ent-\u003ens_name) {\n\nthen ns_name is assigned the ent-\u003ens_name\n1095                         ns_name = ent-\u003ens_name;\n\nhowever ent-\u003ens_name is freed at\n1262                 aa_load_ent_free(ent);\n\nand then again when freeing ns_name at\n1270         kfree(ns_name);\n\nFix this by NULLing out ent-\u003ens_name after it is transferred to ns_name\n\n\")",
  "id": "GHSA-qcx9-4fj7-jf29",
  "modified": "2026-04-18T09:30:19Z",
  "published": "2026-04-01T09:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23408"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18b5233e860c294a847ee07869d93c0b8673a54b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35f4caec1352054b9a61cfdf2bf1898073637aa0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55ef2af7490aaf72f8ffe11ec44c6bcb7eb2162a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5df0c44e8f5f619d3beb871207aded7c78414502"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7998ab3010d2317643f91828f1853d954ef31387"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86feeccd6b93ed94bd6655f30de80f163f8d5a45"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c053ae381ce227577567d1ef10090ce7506d7a28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6347a2116ecccb8fd9ee4ebc75ae41d1d7ef689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF22-W2VM-6C9M

Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30
VLAI
Details

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T03:16:18Z",
    "severity": "MODERATE"
  },
  "details": "In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.",
  "id": "GHSA-qf22-w2vm-6c9m",
  "modified": "2025-12-02T15:30:31Z",
  "published": "2025-12-02T03:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20772"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFC5-MCWQ-26Q8

Vulnerability from github – Published: 2020-03-12 17:02 – Updated: 2024-10-21 21:03
VLAI
Summary
Double Free in psutil
Details

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.6.5"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "psutil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.6.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-18874"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-03-12T17:02:28Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.",
  "id": "GHSA-qfc5-mcwq-26q8",
  "modified": "2024-10-21T21:03:36Z",
  "published": "2020-03-12T17:02:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18874"
    },
    {
      "type": "WEB",
      "url": "https://github.com/giampaolo/psutil/pull/1616"
    },
    {
      "type": "WEB",
      "url": "https://github.com/giampaolo/psutil/commit/7d512c8e4442a896d56505be3e78f1156f443465"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-qfc5-mcwq-26q8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/giampaolo/psutil"
    },
    {
      "type": "WEB",
      "url": "https://github.com/giampaolo/psutil/blob/master/HISTORY.rst#566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/psutil/PYSEC-2019-41.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4204-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Double Free in psutil"
}

GHSA-QGC6-G85M-P5FG

Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00
VLAI
Details

SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-28T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.",
  "id": "GHSA-qgc6-g85m-p5fg",
  "modified": "2022-08-05T00:00:24Z",
  "published": "2022-07-29T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36234"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kashimAstro/SimpleNetwork/issues/22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ5H-583M-QH6V

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-01T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).",
  "id": "GHSA-qj5h-583m-qh6v",
  "modified": "2022-05-24T19:06:45Z",
  "published": "2022-05-24T19:06:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36080"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibreDWG/libredwg/commit/9b6e0ff9ef02818df034fc42c3bd149a5ff89342"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31724"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-495.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QM6R-96CC-Q36W

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-11 09:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Completely fix fcport double free

In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when kref_put() releases the first and the last reference.

qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport(). Doing it one more time after kref_put() is a bad idea.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:53Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Completely fix fcport double free\n\nIn qla24xx_els_dcmd_iocb() sp-\u003efree is set to qla2x00_els_dcmd_sp_free().\nWhen an error happens, this function is called by qla2x00_sp_release(),\nwhen kref_put() releases the first and the last reference.\n\nqla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport().\nDoing it one more time after kref_put() is a bad idea.",
  "id": "GHSA-qm6r-96cc-q36w",
  "modified": "2026-05-11T09:30:31Z",
  "published": "2026-05-08T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43414"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0b7da13a04bd70ef6070bfb9ea85f582294560a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d48ea85463f5b34f7b92ea0a13eddf1ab993da7b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM7Q-X8GP-F7M8

Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2022-05-17 01:57
VLAI
Details

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12858"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-23T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.",
  "id": "GHSA-qm7q-x8gp-f7m8",
  "modified": "2022-05-17T01:57:26Z",
  "published": "2022-05-17T01:57:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12858"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100459"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.