Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

965 vulnerabilities reference this CWE, most recent first.

GHSA-MJ55-6P4Q-86F4

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI
Details

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.",
  "id": "GHSA-mj55-6p4q-86f4",
  "modified": "2022-05-24T17:04:22Z",
  "published": "2022-05-24T17:04:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8635"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT210119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MJFV-Q5WP-VG8F

Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32
VLAI
Details

Memory corruption while processing multiple simultaneous escape calls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T13:15:31Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while processing multiple simultaneous escape calls.",
  "id": "GHSA-mjfv-q5wp-vg8f",
  "modified": "2025-07-08T15:32:02Z",
  "published": "2025-07-08T15:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27046"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MM54-95HQ-F739

Vulnerability from github – Published: 2022-05-14 00:59 – Updated: 2022-05-14 00:59
VLAI
Details

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-27T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.",
  "id": "GHSA-mm54-95hq-f739",
  "modified": "2022-05-14T00:59:49Z",
  "published": "2022-05-14T00:59:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3829"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3600"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutls/gnutls/issues/694"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201904-14"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190619-0004"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3999-1"
    },
    {
      "type": "WEB",
      "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MM7V-VPV8-XFC3

Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 20:57
VLAI
Summary
Double free in smallvec
Details

Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "smallvec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.6.5"
            },
            {
              "fixed": "0.6.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-15551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:22:23Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.",
  "id": "GHSA-mm7v-vpv8-xfc3",
  "modified": "2023-06-13T20:57:37Z",
  "published": "2021-08-25T20:44:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15551"
    },
    {
      "type": "WEB",
      "url": "https://github.com/servo/rust-smallvec/issues/148"
    },
    {
      "type": "WEB",
      "url": "https://github.com/servo/rust-smallvec/issues/149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/servo/rust-smallvec/commit/c20cfa8584e649f00dc0767ab6fad63a3f59a296"
    },
    {
      "type": "WEB",
      "url": "https://github.com/servo/rust-smallvec/commit/f96322b9243405cc82701cc73f1b19313b413ab4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/servo/rust-smallvec"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2019-0009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Double free in smallvec"
}

GHSA-MMJC-3G2P-897M

Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-02-02 15:30
VLAI
Details

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2003-0545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-11-17T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.",
  "id": "GHSA-mmjc-3g2p-897m",
  "modified": "2024-02-02T15:30:25Z",
  "published": "2022-04-29T01:26:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0545"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22249"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2003-26.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-394"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/935264"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/8732"
    },
    {
      "type": "WEB",
      "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3900"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MMXR-6344-9FV5

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().",
  "id": "GHSA-mmxr-6344-9fv5",
  "modified": "2022-05-13T01:47:00Z",
  "published": "2022-05-13T01:47:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7521"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3900"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99230"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP7X-6P2G-HMWV

Vulnerability from github – Published: 2023-12-13 09:30 – Updated: 2023-12-13 09:30
VLAI
Details

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-13T07:15:17Z",
    "severity": "HIGH"
  },
  "details": "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.",
  "id": "GHSA-mp7x-6p2g-hmwv",
  "modified": "2023-12-13T09:30:32Z",
  "published": "2023-12-13T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41678"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPJJ-M3FM-3JJF

Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-05-27 06:30
VLAI
Details

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.",
  "id": "GHSA-mpjj-m3fm-3jjf",
  "modified": "2023-05-27T06:30:38Z",
  "published": "2022-01-14T00:02:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/1893"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPWP-WHHG-QQX4

Vulnerability from github – Published: 2026-01-26 18:31 – Updated: 2026-01-26 21:30
VLAI
Details

A Double Free in XSLT show_index has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-57785"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-26T18:16:27Z",
    "severity": "MODERATE"
  },
  "details": "A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.",
  "id": "GHSA-mpwp-whhg-qqx4",
  "modified": "2026-01-26T21:30:36Z",
  "published": "2026-01-26T18:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57785"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/xslt.c?ref_type=heads#L675"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MR4G-FQM8-VJPV

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35
VLAI
Details

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-28T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.",
  "id": "GHSA-mr4g-fqm8-vjpv",
  "modified": "2022-05-13T01:35:44Z",
  "published": "2022-05-13T01:35:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0160"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103575"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040584"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.