CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
965 vulnerabilities reference this CWE, most recent first.
GHSA-28F3-55MQ-PP68
Vulnerability from github – Published: 2026-06-23 06:30 – Updated: 2026-07-08 15:31A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
{
"affected": [],
"aliases": [
"CVE-2026-55653"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-23T04:17:36Z",
"severity": "MODERATE"
},
"details": "A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).",
"id": "GHSA-28f3-55mq-pp68",
"modified": "2026-07-08T15:31:41Z",
"published": "2026-06-23T06:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55653"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36759"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-55653"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2462351"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-29HG-R7C7-54FR
Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-19 17:05An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "insert_many"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29933"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:05:09Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.",
"id": "GHSA-29hg-r7c7-54fr",
"modified": "2021-08-19T17:05:09Z",
"published": "2021-08-25T20:55:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29933"
},
{
"type": "WEB",
"url": "https://github.com/rphmeier/insert_many/issues/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/rphmeier/insert_many"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0042.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in insert_many"
}
GHSA-29R7-6CJ9-GH39
Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2022-05-13 01:54A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2018-16424"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-04T00:29:00Z",
"severity": "MODERATE"
},
"details": "A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.",
"id": "GHSA-29r7-6cj9-gh39",
"modified": "2022-05-13T01:54:14Z",
"published": "2022-05-13T01:54:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16424"
},
{
"type": "WEB",
"url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063"
},
{
"type": "WEB",
"url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2C9F-4H7M-WQR9
Vulnerability from github – Published: 2024-12-28 12:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
EDAC/igen6: Avoid segmentation fault on module unload
The segmentation fault happens because:
During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc]
During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt);
Fix this issue by setting mci->pvt_info to NULL to avoid the double kfree.
{
"affected": [],
"aliases": [
"CVE-2024-56708"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-28T10:15:20Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Avoid segmentation fault on module unload\n\nThe segmentation fault happens because:\n\nDuring modprobe:\n1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()\n2. In igen6_register_mci(), mci-\u003epvt_info will point to\n \u0026igen6_pvt-\u003eimc[mc]\n\nDuring rmmod:\n1. In mci_release() in edac_mc.c, it will kfree(mci-\u003epvt_info)\n2. In igen6_remove(), it will kfree(igen6_pvt);\n\nFix this issue by setting mci-\u003epvt_info to NULL to avoid the double\nkfree.",
"id": "GHSA-2c9f-4h7m-wqr9",
"modified": "2025-11-03T21:32:02Z",
"published": "2024-12-28T12:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56708"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2F5J-3MHQ-XV58
Vulnerability from github – Published: 2021-08-25 20:58 – Updated: 2023-06-13 22:04Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent double-frees and segfaults when calling sys_info::disk_info from multiple threads at once. The issue was fixed by moving the global variable into a local scope.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "sys-info"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36434"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T20:16:40Z",
"nvd_published_at": "2021-08-08T06:15:00Z",
"severity": "CRITICAL"
},
"details": "Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent double-frees and segfaults when calling sys_info::disk_info from multiple threads at once. The issue was fixed by moving the global variable into a local scope.",
"id": "GHSA-2f5j-3mhq-xv58",
"modified": "2023-06-13T22:04:49Z",
"published": "2021-08-25T20:58:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36434"
},
{
"type": "WEB",
"url": "https://github.com/FillZpp/sys-info-rs/issues/63"
},
{
"type": "PACKAGE",
"url": "https://github.com/FillZpp/sys-info-rs"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/sys-info/RUSTSEC-2020-0100.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0100.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in sys-info "
}
GHSA-2F86-J3W8-9473
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
{
"affected": [],
"aliases": [
"CVE-2021-1934"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-09T08:15:00Z",
"severity": "HIGH"
},
"details": "Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT",
"id": "GHSA-2f86-j3w8-9473",
"modified": "2022-05-24T19:14:05Z",
"published": "2022-05-24T19:14:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1934"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2G52-F4RF-8VM9
Vulnerability from github – Published: 2026-02-18 21:31 – Updated: 2026-02-27 00:31A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.
{
"affected": [],
"aliases": [
"CVE-2025-12343"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T21:16:20Z",
"severity": "LOW"
},
"details": "A flaw was found in FFmpeg\u2019s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.",
"id": "GHSA-2g52-f4rf-8vm9",
"modified": "2026-02-27T00:31:44Z",
"published": "2026-02-18T21:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12343"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-12343"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406533"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2GWG-MMMC-55J4
Vulnerability from github – Published: 2022-05-14 03:13 – Updated: 2025-04-20 03:33The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
{
"affected": [],
"aliases": [
"CVE-2017-6074"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-18T21:59:00Z",
"severity": "HIGH"
},
"details": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",
"id": "GHSA-2gwg-mmmc-55j4",
"modified": "2025-04-20T03:33:04Z",
"published": "2022-05-14T03:13:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6074"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41457"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41458"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96310"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037876"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HPW-5CJM-953F
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2025-06-09 15:31The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
{
"affected": [],
"aliases": [
"CVE-2021-27645"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
"id": "GHSA-2hpw-5cjm-953f",
"modified": "2025-06-09T15:31:32Z",
"published": "2022-05-24T17:43:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27645"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27462"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2HWQ-42HC-RHQV
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
In lan78xx_probe(), the buffer buf was being freed twice: once
implicitly through usb_free_urb(dev->urb_intr) with the
URB_FREE_BUFFER flag and again explicitly by kfree(buf). This caused
a double free issue.
To resolve this, reordered kmalloc() and usb_alloc_urb() calls to
simplify the initialization sequence and removed the redundant
kfree(buf). Now, buf is allocated after usb_alloc_urb(), ensuring
it is correctly managed by usb_fill_int_urb() and freed by
usb_free_urb() as intended.
{
"affected": [],
"aliases": [
"CVE-2024-53213"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T14:15:29Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix double free issue with interrupt buffer allocation\n\nIn lan78xx_probe(), the buffer `buf` was being freed twice: once\nimplicitly through `usb_free_urb(dev-\u003eurb_intr)` with the\n`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused\na double free issue.\n\nTo resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to\nsimplify the initialization sequence and removed the redundant\n`kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring\nit is correctly managed by `usb_fill_int_urb()` and freed by\n`usb_free_urb()` as intended.",
"id": "GHSA-2hwq-42hc-rhqv",
"modified": "2026-06-01T18:31:19Z",
"published": "2024-12-27T15:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53213"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03819abbeb11117dcbba40bfe322b88c0c88a6b6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2970ef2fce90c661952ec2b451b0276d5f8d6180"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ac9f3c981eeceee2ec4d30d850f4a6f50a1ec40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/977128343fc2a30737399b58df8ea77e94f164bd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a422ebec863d99d5607fb41bb7af3347fcb436d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b09512aea6223eec756f52aa584fc29eeab57480"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc5aa8e3ad69dcedeba79e667d4a2efb72a305af"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.