Common Weakness Enumeration

CWE-415

Allowed

Double Free

Abstraction: Variant · Status: Draft

The product calls free() twice on the same memory address.

965 vulnerabilities reference this CWE, most recent first.

GHSA-3RVP-XPMC-FGRF

Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30
VLAI
Details

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T17:15:58Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability",
  "id": "GHSA-3rvp-xpmc-fgrf",
  "modified": "2024-06-11T18:30:49Z",
  "published": "2024-06-11T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30097"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3V9C-8RH8-VMJ3

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21
VLAI
Details

Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-22T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130",
  "id": "GHSA-3v9c-8rh8-vmj3",
  "modified": "2022-05-24T17:21:22Z",
  "published": "2022-05-24T17:21:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14091"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3VVP-8645-4QMR

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-29T12:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.",
  "id": "GHSA-3vvp-8645-4qmr",
  "modified": "2022-05-13T01:16:29Z",
  "published": "2022-05-13T01:16:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18751"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3643"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3815-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3815-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3X9F-3C9H-X7GJ

Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30
VLAI
Details

Windows Graphics Component Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T17:15:29Z",
    "severity": "HIGH"
  },
  "details": "Windows Graphics Component Elevation of Privilege Vulnerability",
  "id": "GHSA-3x9f-3c9h-x7gj",
  "modified": "2024-09-10T18:30:46Z",
  "published": "2024-09-10T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38247"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38247"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3X9F-9PXV-Q52X

Vulnerability from github – Published: 2023-01-06 21:30 – Updated: 2025-04-09 21:30
VLAI
Details

The DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-06T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability.",
  "id": "GHSA-3x9f-9pxv-q52x",
  "modified": "2025-04-09T21:30:35Z",
  "published": "2023-01-06T21:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47975"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/1"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3XQ4-8C55-JFWQ

Vulnerability from github – Published: 2022-07-23 00:00 – Updated: 2022-07-30 00:00
VLAI
Details

io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-22T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859",
  "id": "GHSA-3xq4-8c55-jfwq",
  "modified": "2022-07-30T00:00:18Z",
  "published": "2022-07-23T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2327"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=df3f3bb5059d20ef094d6b2f0256c4bf4127a859"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/#df3f3bb5059d20ef094d6b2f0256c4bf4127a859"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42QM-8J3V-68C9

Vulnerability from github – Published: 2025-03-07 18:31 – Updated: 2025-09-23 15:31
VLAI
Details

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.

We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-07T17:15:20Z",
    "severity": "LOW"
  },
  "details": "A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.3.3006 build 20250108 and later\nQuTS hero h5.2.3.3006 build 20250108 and later",
  "id": "GHSA-42qm-8j3v-68c9",
  "modified": "2025-09-23T15:31:08Z",
  "published": "2025-03-07T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53698"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-24-54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-43MR-MM46-M2QQ

Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2024-02-20 15:31
VLAI
Details

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.",
  "id": "GHSA-43mr-mm46-m2qq",
  "modified": "2024-02-20T15:31:05Z",
  "published": "2024-02-20T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38562"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1829"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-464V-QW54-XXXF

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-09 00:01
VLAI
Details

There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash.",
  "id": "GHSA-464v-qw54-xxxf",
  "modified": "2021-12-09T00:01:34Z",
  "published": "2021-12-08T00:01:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37072"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-489P-VFCX-X55R

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Fix double free in dma-buf feature

The error path through vfio_pci_core_feature_dma_buf() ignores its own advice to only use dma_buf_put() after dma_buf_export(), instead falling through the entire unwind chain. In the unlikely event that we encounter file descriptor exhaustion, this can result in an unbalanced refcount on the vfio device and double free of allocated objects.

Avoid this by moving the "put" directly into the error path and return the errno rather than entering the unwind chain.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Fix double free in dma-buf feature\n\nThe error path through vfio_pci_core_feature_dma_buf() ignores its\nown advice to only use dma_buf_put() after dma_buf_export(), instead\nfalling through the entire unwind chain.  In the unlikely event that\nwe encounter file descriptor exhaustion, this can result in an\nunbalanced refcount on the vfio device and double free of allocated\nobjects.\n\nAvoid this by moving the \"put\" directly into the error path and return\nthe errno rather than entering the unwind chain.",
  "id": "GHSA-489p-vfcx-x55r",
  "modified": "2026-04-27T15:30:38Z",
  "published": "2026-04-22T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31468"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83ad334afc9a645cef1062f5346526b1e36d6516"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e98137f0a874ab36d0946de4707aa48cb7137d1c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a language that provides automatic memory management.

Mitigation
Implementation

Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.

Mitigation
Implementation

Use a static analysis tool to find double free instances.

No CAPEC attack patterns related to this CWE.