CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
967 vulnerabilities reference this CWE, most recent first.
GHSA-FFQC-F68H-QQ8W
Vulnerability from github – Published: 2022-05-14 01:09 – Updated: 2022-05-14 01:09A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
{
"affected": [],
"aliases": [
"CVE-2018-6952"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-13T19:29:00Z",
"severity": "HIGH"
},
"details": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.",
"id": "GHSA-ffqc-f68h-qq8w",
"modified": "2022-05-14T01:09:25Z",
"published": "2022-05-14T01:09:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6952"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
},
{
"type": "WEB",
"url": "https://savannah.gnu.org/bugs/index.php?53133"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FGG6-XP7M-P38Q
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-8835"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-25T23:29:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.",
"id": "GHSA-fgg6-xp7m-p38q",
"modified": "2022-05-13T01:31:48Z",
"published": "2022-05-13T01:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8835"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103972"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FGR8-8JMX-C896
Vulnerability from github – Published: 2026-01-06 03:31 – Updated: 2026-01-06 15:30In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
{
"affected": [],
"aliases": [
"CVE-2025-20786"
],
"database_specific": {
"cwe_ids": [
"CWE-415",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T02:15:42Z",
"severity": "MODERATE"
},
"details": "In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.",
"id": "GHSA-fgr8-8jmx-c896",
"modified": "2026-01-06T15:30:27Z",
"published": "2026-01-06T03:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20786"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FH5V-R835-MW7V
Vulnerability from github – Published: 2022-05-14 03:01 – Updated: 2022-05-14 03:01The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
{
"affected": [],
"aliases": [
"CVE-2017-16820"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-14T21:29:00Z",
"severity": "CRITICAL"
},
"details": "The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).",
"id": "GHSA-fh5v-r835-mw7v",
"modified": "2022-05-14T03:01:48Z",
"published": "2022-05-14T03:01:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16820"
},
{
"type": "WEB",
"url": "https://github.com/collectd/collectd/issues/2291"
},
{
"type": "WEB",
"url": "https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0252"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0299"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1605"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2615"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/881757"
},
{
"type": "WEB",
"url": "https://github.com/collectd/collectd/releases/tag/collectd-5.6.3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201803-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHHW-9RJC-7M26
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45In libwebp 0.5.1, there is a double free bug in libwebpmux.
{
"affected": [],
"aliases": [
"CVE-2016-9969"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-23T18:29:00Z",
"severity": "HIGH"
},
"details": "In libwebp 0.5.1, there is a double free bug in libwebpmux.",
"id": "GHSA-fhhw-9rjc-7m26",
"modified": "2024-04-04T00:45:28Z",
"published": "2022-05-24T16:46:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9969"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/webp/issues/detail?id=322"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHPC-4Q7R-QHMX
Vulnerability from github – Published: 2022-05-14 01:12 – Updated: 2022-05-14 01:12In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
{
"affected": [],
"aliases": [
"CVE-2018-11840"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-18T18:29:00Z",
"severity": "HIGH"
},
"details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.",
"id": "GHSA-fhpc-4q7r-qhmx",
"modified": "2022-05-14T01:12:47Z",
"published": "2022-05-14T01:12:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11840"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a3d53bb977b907a5d11d22cad3f8ebf3f1d2b1ed"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107770"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJCW-72X2-RMMV
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-10-16 19:00In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
{
"affected": [],
"aliases": [
"CVE-2021-31162"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-14T07:15:00Z",
"severity": "CRITICAL"
},
"details": "In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics.",
"id": "GHSA-fjcw-72x2-rmmv",
"modified": "2022-10-16T19:00:30Z",
"published": "2022-05-24T17:47:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31162"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang/rust/issues/83618"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang/rust/pull/83629"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang/rust/pull/84603"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJFF-R876-R378
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-49688"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:54Z",
"severity": "HIGH"
},
"details": "Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-fjff-r876-r378",
"modified": "2025-07-08T18:31:47Z",
"published": "2025-07-08T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49688"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49688"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJR6-HM39-4CF9
Vulnerability from github – Published: 2021-08-25 20:52 – Updated: 2021-08-19 18:46An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "basic_dsp_matrix"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25906"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T18:46:23Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.",
"id": "GHSA-fjr6-hm39-4cf9",
"modified": "2021-08-19T18:46:23Z",
"published": "2021-08-25T20:52:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25906"
},
{
"type": "WEB",
"url": "https://github.com/liebharc/basic_dsp/issues/47"
},
{
"type": "PACKAGE",
"url": "https://github.com/liebharc/basic_dsp"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in basic_dsp_matrix"
}
GHSA-FJRG-JF3X-R8JR
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-12-07 21:30A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
{
"affected": [],
"aliases": [
"CVE-2020-8003"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-27T05:15:00Z",
"severity": "LOW"
},
"details": "A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.",
"id": "GHSA-fjrg-jf3x-r8jr",
"modified": "2022-12-07T21:30:29Z",
"published": "2022-05-24T17:07:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8003"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.