CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-5J8W-R7G8-5472
Vulnerability from github – Published: 2022-06-16 23:42 – Updated: 2022-06-16 23:42The struct Ffi_ArrowArray implements #derive(Clone) that is inconsistent with
its custom implementation of Drop, resulting in a double free when cloned.
Cloning this struct in safe results in a segmentation fault, which is unsound.
This derive was removed from this struct. All users are advised to either:
* bump the patch version of this crate (for versions v0.7,v0.8,v0.9), or
* migrate to a more recent version of the crate (when using <0.7).
Doing so elimitates this vulnerability (code no longer compiles).
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "arrow2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "arrow2"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "0.8.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "arrow2"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-16T23:42:08Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with\nits custom implementation of `Drop`, resulting in a double free when cloned.\n\nCloning this struct in `safe` results in a segmentation fault, which is unsound.\n\nThis derive was removed from this struct. All users are advised to either:\n* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or\n* migrate to a more recent version of the crate (when using `\u003c0.7`).\n\nDoing so elimitates this vulnerability (code no longer compiles).\n",
"id": "GHSA-5j8w-r7g8-5472",
"modified": "2022-06-16T23:42:08Z",
"published": "2022-06-16T23:42:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jorgecarleitao/arrow2/issues/880"
},
{
"type": "PACKAGE",
"url": "https://github.com/jorgecarleitao/arrow2"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0012.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Arrow2 allows double free in `safe` code"
}
GHSA-5J9H-62W2-P327
Vulnerability from github – Published: 2022-05-03 03:18 – Updated: 2022-05-03 03:18Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
{
"affected": [],
"aliases": [
"CVE-2007-1216"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-04-06T01:19:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".",
"id": "GHSA-5j9h-62w2-p327",
"modified": "2022-05-03T03:18:04Z",
"published": "2022-05-03T03:18:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1216"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33413"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24706"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24735"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24736"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24740"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24750"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24757"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24785"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24786"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24817"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24966"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25388"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
},
{
"type": "WEB",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/419344"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/464591/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/23282"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1017852"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1916"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5JFV-85HV-2CMX
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-03-25 12:30In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix handling of lrbp->cmd
ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes:
-
In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths.
-
In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd.
See also scsi_send_eh_cmnd().
This commit prevents that the following appears if a command times out:
WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8 Call trace: ufshcd_queuecommand+0x6f8/0x9a8 scsi_send_eh_cmnd+0x2c0/0x960 scsi_eh_test_devices+0x100/0x314 scsi_eh_ready_devs+0xd90/0x114c scsi_error_handler+0x2b4/0xb70 kthread+0x16c/0x1e0
{
"affected": [],
"aliases": [
"CVE-2023-53510"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:54Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix handling of lrbp-\u003ecmd\n\nufshcd_queuecommand() may be called two times in a row for a SCSI command\nbefore it is completed. Hence make the following changes:\n\n - In the functions that submit a command, do not check the old value of\n lrbp-\u003ecmd nor clear lrbp-\u003ecmd in error paths.\n\n - In ufshcd_release_scsi_cmd(), do not clear lrbp-\u003ecmd.\n\nSee also scsi_send_eh_cmnd().\n\nThis commit prevents that the following appears if a command times out:\n\nWARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8\nCall trace:\n ufshcd_queuecommand+0x6f8/0x9a8\n scsi_send_eh_cmnd+0x2c0/0x960\n scsi_eh_test_devices+0x100/0x314\n scsi_eh_ready_devs+0xd90/0x114c\n scsi_error_handler+0x2b4/0xb70\n kthread+0x16c/0x1e0",
"id": "GHSA-5jfv-85hv-2cmx",
"modified": "2026-03-25T12:30:18Z",
"published": "2025-10-01T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53510"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49234a401e161a2f2698f4612ab792c49b3cad1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/549e91a9bbaa0ee480f59357868421a61d369770"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6d76d63c6d21d5d26c301a46853a2aee72397d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f3ee24af62681b942bbd799ac77b90a6d7e1fdb1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5JJ2-QHXW-RPQ6
Vulnerability from github – Published: 2026-02-23 21:31 – Updated: 2026-02-24 21:31libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
{
"affected": [],
"aliases": [
"CVE-2025-61145"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-23T19:22:56Z",
"severity": "MODERATE"
},
"details": "libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.",
"id": "GHSA-5jj2-qhxw-rpq6",
"modified": "2026-02-24T21:31:41Z",
"published": "2026-02-23T21:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61145"
},
{
"type": "WEB",
"url": "https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/736"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/753"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5JRF-78P7-HW2R
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-10 18:31In the Linux kernel, the following vulnerability has been resolved:
IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF
In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_resource_cleanup() (which frees the QP) in mlx5_ib_stage_post_ib_reg_umr_init(). This will avoid attempted double free of the same QP when __mlx5_ib_add() does its cleanup.
Resolves a splat:
Syzkaller reported a UAF in ib_destroy_qp_user
workqueue: Failed to create a rescuer kthread for wq "mkey_cache": -EINTR infiniband mlx5_0: mlx5_mkey_cache_init:981:(pid 1642): failed to create work queue infiniband mlx5_0: mlx5_ib_stage_post_ib_reg_umr_init:4075:(pid 1642): mr cache init failed -12 ================================================================== BUG: KASAN: slab-use-after-free in ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073) Read of size 8 at addr ffff88810da310a8 by task repro_upstream/1642
Call Trace: kasan_report (mm/kasan/report.c:590) ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073) mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198) __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4178) mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402) ...
Allocated by task 1642: __kmalloc (./include/linux/kasan.h:198 mm/slab_common.c:1026 mm/slab_common.c:1039) create_qp (./include/linux/slab.h:603 ./include/linux/slab.h:720 ./include/rdma/ib_verbs.h:2795 drivers/infiniband/core/verbs.c:1209) ib_create_qp_kernel (drivers/infiniband/core/verbs.c:1347) mlx5r_umr_resource_init (drivers/infiniband/hw/mlx5/umr.c:164) mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4070) __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168) mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402) ...
Freed by task 1642: __kmem_cache_free (mm/slub.c:1826 mm/slub.c:3809 mm/slub.c:3822) ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2112) mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198) mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4076 drivers/infiniband/hw/mlx5/main.c:4065) __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168) mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402) ...
{
"affected": [],
"aliases": [
"CVE-2023-52851"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:22Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF\n\nIn the unlikely event that workqueue allocation fails and returns NULL in\nmlx5_mkey_cache_init(), delete the call to\nmlx5r_umr_resource_cleanup() (which frees the QP) in\nmlx5_ib_stage_post_ib_reg_umr_init(). This will avoid attempted double\nfree of the same QP when __mlx5_ib_add() does its cleanup.\n\nResolves a splat:\n\n Syzkaller reported a UAF in ib_destroy_qp_user\n\n workqueue: Failed to create a rescuer kthread for wq \"mkey_cache\": -EINTR\n infiniband mlx5_0: mlx5_mkey_cache_init:981:(pid 1642):\n failed to create work queue\n infiniband mlx5_0: mlx5_ib_stage_post_ib_reg_umr_init:4075:(pid 1642):\n mr cache init failed -12\n ==================================================================\n BUG: KASAN: slab-use-after-free in ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)\n Read of size 8 at addr ffff88810da310a8 by task repro_upstream/1642\n\n Call Trace:\n \u003cTASK\u003e\n kasan_report (mm/kasan/report.c:590)\n ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2073)\n mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)\n __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4178)\n mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n ...\n \u003c/TASK\u003e\n\n Allocated by task 1642:\n __kmalloc (./include/linux/kasan.h:198 mm/slab_common.c:1026\n mm/slab_common.c:1039)\n create_qp (./include/linux/slab.h:603 ./include/linux/slab.h:720\n ./include/rdma/ib_verbs.h:2795 drivers/infiniband/core/verbs.c:1209)\n ib_create_qp_kernel (drivers/infiniband/core/verbs.c:1347)\n mlx5r_umr_resource_init (drivers/infiniband/hw/mlx5/umr.c:164)\n mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4070)\n __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)\n mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n ...\n\n Freed by task 1642:\n __kmem_cache_free (mm/slub.c:1826 mm/slub.c:3809 mm/slub.c:3822)\n ib_destroy_qp_user (drivers/infiniband/core/verbs.c:2112)\n mlx5r_umr_resource_cleanup (drivers/infiniband/hw/mlx5/umr.c:198)\n mlx5_ib_stage_post_ib_reg_umr_init (drivers/infiniband/hw/mlx5/main.c:4076\n drivers/infiniband/hw/mlx5/main.c:4065)\n __mlx5_ib_add (drivers/infiniband/hw/mlx5/main.c:4168)\n mlx5r_probe (drivers/infiniband/hw/mlx5/main.c:4402)\n ...",
"id": "GHSA-5jrf-78p7-hw2r",
"modified": "2025-01-10T18:31:38Z",
"published": "2024-05-21T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52851"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ef422f063b74adcc4a4a9004b0a87bb55e0a836"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/437f033e30c897bb3723eac9e9003cd9f88d00a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f4a7a7d1404297f2a92df0046f7e64dc5c52dd9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6387f269d84e6e149499408c4d1fc805017729b2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5MJX-CFHC-V8VM
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30Memory corruption due to double free when multiple threads race to set the timestamp store.
{
"affected": [],
"aliases": [
"CVE-2025-47316"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T16:15:36Z",
"severity": "HIGH"
},
"details": "Memory corruption due to double free when multiple threads race to set the timestamp store.",
"id": "GHSA-5mjx-cfhc-v8vm",
"modified": "2025-09-24T18:30:30Z",
"published": "2025-09-24T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47316"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5MPG-37CW-J7G5
Vulnerability from github – Published: 2022-02-20 00:00 – Updated: 2026-04-24 15:32In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
{
"affected": [],
"aliases": [
"CVE-2021-46700"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.",
"id": "GHSA-5mpg-37cw-j7g5",
"modified": "2026-04-24T15:32:17Z",
"published": "2022-02-20T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46700"
},
{
"type": "WEB",
"url": "https://github.com/saitoha/libsixel/issues/158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5P33-CX2M-4X9V
Vulnerability from github – Published: 2025-04-17 21:30 – Updated: 2025-04-17 21:30In the Linux kernel, the following vulnerability has been resolved:
md: fix double free of io_acct_set bioset
Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.
{
"affected": [],
"aliases": [
"CVE-2022-49384"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:15Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix double free of io_acct_set bioset\n\nNow io_acct_set is alloc and free in personality. Remove the codes that\nfree io_acct_set in md_free and md_stop.",
"id": "GHSA-5p33-cx2m-4x9v",
"modified": "2025-04-17T21:30:43Z",
"published": "2025-04-17T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49384"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36a2fc44c574a59ee3b5e2cb327182f227b2b07e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42b805af102471f53e3c7867b8c2b502ea4eef7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f99d5b5dc8a42c807b5f1176b925aa45d61962ab"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5P3V-8PVQ-68MJ
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Microsoft Excel Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26257"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:47Z",
"severity": "HIGH"
},
"details": "Microsoft Excel Remote Code Execution Vulnerability",
"id": "GHSA-5p3v-8pvq-68mj",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26257"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5P7M-P5M3-7W56
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-47975"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:37Z",
"severity": "HIGH"
},
"details": "Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-5p7m-p5m3-7w56",
"modified": "2025-07-08T18:31:44Z",
"published": "2025-07-08T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47975"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47975"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.