CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
965 vulnerabilities reference this CWE, most recent first.
GHSA-MJ55-6P4Q-86F4
Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
{
"affected": [],
"aliases": [
"CVE-2019-8635"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-18T18:15:00Z",
"severity": "HIGH"
},
"details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.",
"id": "GHSA-mj55-6p4q-86f4",
"modified": "2022-05-24T17:04:22Z",
"published": "2022-05-24T17:04:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8635"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT210119"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJFV-Q5WP-VG8F
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Memory corruption while processing multiple simultaneous escape calls.
{
"affected": [],
"aliases": [
"CVE-2025-27046"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T13:15:31Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing multiple simultaneous escape calls.",
"id": "GHSA-mjfv-q5wp-vg8f",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27046"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MM54-95HQ-F739
Vulnerability from github – Published: 2022-05-14 00:59 – Updated: 2022-05-14 00:59A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
{
"affected": [],
"aliases": [
"CVE-2019-3829"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-27T18:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.",
"id": "GHSA-mm54-95hq-f739",
"modified": "2022-05-14T00:59:49Z",
"published": "2022-05-14T00:59:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3829"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnutls/gnutls/issues/694"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190619-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3999-1"
},
{
"type": "WEB",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MM7V-VPV8-XFC3
Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 20:57Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "smallvec"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.5"
},
{
"fixed": "0.6.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-15551"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:22:23Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.",
"id": "GHSA-mm7v-vpv8-xfc3",
"modified": "2023-06-13T20:57:37Z",
"published": "2021-08-25T20:44:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15551"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/issues/148"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/issues/149"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/commit/c20cfa8584e649f00dc0767ab6fad63a3f59a296"
},
{
"type": "WEB",
"url": "https://github.com/servo/rust-smallvec/commit/f96322b9243405cc82701cc73f1b19313b413ab4"
},
{
"type": "PACKAGE",
"url": "https://github.com/servo/rust-smallvec"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Double free in smallvec"
}
GHSA-MMJC-3G2P-897M
Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-02-02 15:30Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
{
"affected": [],
"aliases": [
"CVE-2003-0545"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-11-17T05:00:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.",
"id": "GHSA-mmjc-3g2p-897m",
"modified": "2024-02-02T15:30:25Z",
"published": "2022-04-29T01:26:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0545"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22249"
},
{
"type": "WEB",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"type": "WEB",
"url": "http://www.cert.org/advisories/CA-2003-26.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-394"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/935264"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/8732"
},
{
"type": "WEB",
"url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/3900"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMXR-6344-9FV5
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
{
"affected": [],
"aliases": [
"CVE-2017-7521"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-27T13:29:00Z",
"severity": "MODERATE"
},
"details": "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().",
"id": "GHSA-mmxr-6344-9fv5",
"modified": "2022-05-13T01:47:00Z",
"published": "2022-05-13T01:47:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7521"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3900"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99230"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038768"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MP7X-6P2G-HMWV
Vulnerability from github – Published: 2023-12-13 09:30 – Updated: 2023-12-13 09:30A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
{
"affected": [],
"aliases": [
"CVE-2023-41678"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T07:15:17Z",
"severity": "HIGH"
},
"details": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.",
"id": "GHSA-mp7x-6p2g-hmwv",
"modified": "2023-12-13T09:30:32Z",
"published": "2023-12-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41678"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-196"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPJJ-M3FM-3JJF
Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-05-27 06:30The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-40572"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.",
"id": "GHSA-mpjj-m3fm-3jjf",
"modified": "2023-05-27T06:30:38Z",
"published": "2022-01-14T00:02:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40572"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1893"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPWP-WHHG-QQX4
Vulnerability from github – Published: 2026-01-26 18:31 – Updated: 2026-01-26 21:30A Double Free in XSLT show_index has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-57785"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-26T18:16:27Z",
"severity": "MODERATE"
},
"details": "A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.",
"id": "GHSA-mpwp-whhg-qqx4",
"modified": "2026-01-26T21:30:36Z",
"published": "2026-01-26T18:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57785"
},
{
"type": "WEB",
"url": "https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/xslt.c?ref_type=heads#L675"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MR4G-FQM8-VJPV
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.
{
"affected": [],
"aliases": [
"CVE-2018-0160"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-28T22:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.",
"id": "GHSA-mr4g-fqm8-vjpv",
"modified": "2022-05-13T01:35:44Z",
"published": "2022-05-13T01:35:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0160"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103575"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040584"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.