CWE-415
AllowedDouble Free
Abstraction: Variant · Status: Draft
The product calls free() twice on the same memory address.
965 vulnerabilities reference this CWE, most recent first.
GHSA-VXG7-9HGQ-FPHJ
Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31A denial-of-service security issue exists in the affected products. The security issue stems from improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. A power cycle is required to recover the module and associated I/O.
{
"affected": [],
"aliases": [
"CVE-2026-12659"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T16:16:45Z",
"severity": "HIGH"
},
"details": "A denial-of-service security issue exists in the affected products. The security issue stems from improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. A power cycle is required to recover the module and associated I/O.",
"id": "GHSA-vxg7-9hgq-fphj",
"modified": "2026-07-14T18:31:55Z",
"published": "2026-07-14T18:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12659"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1789.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W23X-QG88-3F6R
Vulnerability from github – Published: 2022-05-17 01:27 – Updated: 2022-05-17 01:27Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
{
"affected": [],
"aliases": [
"CVE-2014-1252"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-24T15:08:00Z",
"severity": "HIGH"
},
"details": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.",
"id": "GHSA-w23x-qg88-3f6r",
"modified": "2022-05-17T01:27:30Z",
"published": "2022-05-17T01:27:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1252"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"type": "WEB",
"url": "http://osvdb.org/102460"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56615"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56630"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6117"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6150"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6162"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/65113"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1029683"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W2RQ-PVQ9-XWMF
Vulnerability from github – Published: 2023-09-20 09:30 – Updated: 2024-04-04 07:45Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
{
"affected": [],
"aliases": [
"CVE-2023-41374"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-20T09:15:16Z",
"severity": "HIGH"
},
"details": "Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.",
"id": "GHSA-w2rq-pvq9-xwmf",
"modified": "2024-04-04T07:45:32Z",
"published": "2023-09-20T09:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41374"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU95282683/index.html"
},
{
"type": "WEB",
"url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W33J-4MRG-PGC3
Vulnerability from github – Published: 2022-08-02 00:00 – Updated: 2025-12-02 21:31A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
{
"affected": [],
"aliases": [
"CVE-2022-2509"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-01T14:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
"id": "GHSA-w33j-4mrg-pgc3",
"modified": "2025-12-02T21:31:24Z",
"published": "2022-08-02T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2509"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2509"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W423-44W8-64MH
Vulnerability from github – Published: 2023-06-16 21:30 – Updated: 2023-11-07 00:30A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
{
"affected": [],
"aliases": [
"CVE-2023-35784"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-16T20:15:09Z",
"severity": "CRITICAL"
},
"details": "A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.",
"id": "GHSA-w423-44w8-64mh",
"modified": "2023-11-07T00:30:31Z",
"published": "2023-06-16T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35784"
},
{
"type": "WEB",
"url": "https://github.com/libressl/openbsd/commit/1d6680b3682f8caba78c627dee60c76da6e20dd7"
},
{
"type": "WEB",
"url": "https://github.com/libressl/openbsd/commit/96094ca8757b95298f49d65c813f303bd514b27b"
},
{
"type": "WEB",
"url": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W443-5H3J-JQCP
Vulnerability from github – Published: 2025-05-14 00:32 – Updated: 2025-05-15 18:26Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references.
Original Description
In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "crossbeam-channel"
},
"ranges": [
{
"events": [
{
"introduced": "0.5.11"
},
{
"fixed": "0.5.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-15T18:26:22Z",
"nvd_published_at": "2025-05-13T22:15:25Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references.\n\n### Original Description\nIn crossbeam-channel rust crate, the internal `Channel` type\u0027s `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.",
"id": "GHSA-w443-5h3j-jqcp",
"modified": "2025-05-15T18:26:22Z",
"published": "2025-05-14T00:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4574"
},
{
"type": "WEB",
"url": "https://github.com/crossbeam-rs/crossbeam/pull/1187"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-4574"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop",
"withdrawn": "2025-05-15T18:26:22Z"
}
GHSA-W48V-5PP6-7H96
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
{
"affected": [],
"aliases": [
"CVE-2017-1000232"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-17T04:29:00Z",
"severity": "CRITICAL"
},
"details": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.",
"id": "GHSA-w48v-5pp6-7h96",
"modified": "2022-05-13T01:27:30Z",
"published": "2022-05-13T01:27:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000232"
},
{
"type": "WEB",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5MW-4W5V-8MGJ
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321
{
"affected": [],
"aliases": [
"CVE-2021-0498"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-11T17:15:00Z",
"severity": "HIGH"
},
"details": "In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321",
"id": "GHSA-w5mw-4w5v-8mgj",
"modified": "2022-05-24T19:04:59Z",
"published": "2022-05-24T19:04:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0498"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-05-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W62J-G234-3F6F
Vulnerability from github – Published: 2023-02-03 06:30 – Updated: 2024-02-27 15:30OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."
{
"affected": [],
"aliases": [
"CVE-2023-25136"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T06:15:00Z",
"severity": "CRITICAL"
},
"details": "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that \"exploiting this vulnerability will not be easy.\"",
"id": "GHSA-w62j-g234-3f6f",
"modified": "2024-02-27T15:30:30Z",
"published": "2023-02-03T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25136"
},
{
"type": "WEB",
"url": "https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946"
},
{
"type": "WEB",
"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3522"
},
{
"type": "WEB",
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig"
},
{
"type": "WEB",
"url": "https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=34711565"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202307-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230309-0003"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/02/02/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/02/13/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/02/23/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/03/06/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/03/09/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6JM-J85G-VPGJ
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix RSS context delete logic
We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netif_running() is true to help delete RSS contexts with interface down.
Having that condition will make the driver leak VNICs in FW whenever close() happens with active RSS contexts. On the subsequent open(), as part of RSS context restoration, we will end up trying to create extra VNICs for which we did not make any reservation. FW can fail this request, thereby making us lose active RSS contexts.
Suppose an RSS context is deleted already and we try to process a delete request again, then the HWRM functions will check for validity of the request and they simply return if the resource is already freed. So, even for delete-when-down cases, netif_running() check is not necessary.
Remove the netif_running() condition check when deleting an RSS context.
{
"affected": [],
"aliases": [
"CVE-2026-43260"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:46Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RSS context delete logic\n\nWe need to free the corresponding RSS context VNIC\nin FW everytime an RSS context is deleted in driver.\nCommit 667ac333dbb7 added a check to delete the VNIC\nin FW only when netif_running() is true to help delete\nRSS contexts with interface down.\n\nHaving that condition will make the driver leak VNICs\nin FW whenever close() happens with active RSS contexts.\nOn the subsequent open(), as part of RSS context restoration,\nwe will end up trying to create extra VNICs for which we\ndid not make any reservation. FW can fail this request,\nthereby making us lose active RSS contexts.\n\nSuppose an RSS context is deleted already and we try to\nprocess a delete request again, then the HWRM functions\nwill check for validity of the request and they simply\nreturn if the resource is already freed. So, even for\ndelete-when-down cases, netif_running() check is not\nnecessary.\n\nRemove the netif_running() condition check when deleting\nan RSS context.",
"id": "GHSA-w6jm-j85g-vpgj",
"modified": "2026-05-08T21:31:21Z",
"published": "2026-05-06T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43260"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/079986d6db1f8e3d50c55f400cf998ac9690d2c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/348a5f8d06c7bdf954e13c17ad5f80b59a075604"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a9b89eea4a9cc7726702946ff688d716962fabd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e123d9302d223767bd910bfbcfe607bae909f8ac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that provides automatic memory management.
Mitigation
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Mitigation
Use a static analysis tool to find double free instances.
No CAPEC attack patterns related to this CWE.