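CWE-415 Double Free vulnerability list (182)

A summary of 182 CVEs classified under the CWE-415 Double Free weakness, with AI-generated analysis in Chinese.

CWE-415 is a memory-management vulnerability in which a program calls the release function on the same memory address more than once. Attackers typically exploit this flaw to trigger heap corruption, which can lead to arbitrary code execution or denial of service. To avoid it, developers should set pointers to NULL immediately after freeing them and use reference counting or an ownership mechanism to strictly manage memory lifetimes and prevent repeated frees.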

Official MITRE CWE description
CWE: CWE-415 Double Free. Description: the product calls free() twice on the same memory address.
Common consequences (1)
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands
When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later…
Mitigations (3)
Architecture and Design: Choose a language that provides automatic memory management.
Implementation: Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Implementation: Use a static analysis tool to find double free instances.
Code examples (2)
The following code shows a simple example of a double free vulnerability.
    char* ptr = (char*)malloc (SIZE);
    ...
    if (abrt) {
        free(ptr);
    }
    ...
    free(ptr);
Bad · C
While contrived, this code should be exploitable on Linux distributions that do not ship with heap-chunk check summing turned on.
    #include <stdio.h>
    #include <stdlib.h>   /* malloc, free */
    #include <string.h>   /* strncpy */
    #include <unistd.h>
    #define BUFSIZE1 512
    #define BUFSIZE2 ((BUFSIZE1/2) - 8)

    int main(int argc, char **argv) {
        char *buf1R1;
        char *buf2R1;
        char *buf1R2;
        buf1R1 = (char *) malloc(BUFSIZE2);
        buf2R1 = (char *) malloc(BUFSIZE2);
        free(buf1R1);
        free(buf2R1);                          /* first free of buf2R1 */
        buf1R2 = (char *) malloc(BUFSIZE1);
        strncpy(buf1R2, argv[1], BUFSIZE1-1);
        free(buf2R1);                          /* second free of the same chunk: the double free */
        free(buf1R2);
    }
Bad · C
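The abort-then-cleanup shape of the first snippet, rewritten so that every release goes through one helper that clears the pointer, following the Implementation mitigation above. This is an added example, not MITRE's code or this site's; `struct job`, `release`, `job_destroy`, `job_run` and the value of `SIZE` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define SIZE 64 /* assumed; the page's snippet leaves SIZE undefined */

struct job { char *in; char *out; };   /* hypothetical two-buffer state */

/* Free *pp once and clear the caller's copy of the pointer.
 * Returns 1 if memory was released, 0 if *pp was already NULL. */
static int release(char **pp)
{
    if (*pp == NULL)
        return 0;
    free(*pp);
    *pp = NULL;
    return 1;
}

/* Idempotent cleanup: callable from an error path and again at exit. */
static int job_destroy(struct job *j)
{
    return release(&j->in) + release(&j->out);
}

/* Mirrors the first snippet: an abort branch frees early, then control
 * reaches the common cleanup. Returns the number of chunks actually
 * freed, which must equal the number that were allocated. */
int job_run(const char *input, int abrt)
{
    struct job j = { NULL, NULL };
    int frees = 0;

    j.in = malloc(SIZE);
    if (j.in == NULL)
        goto out;
    strncpy(j.in, input, SIZE - 1);
    j.in[SIZE - 1] = '\0';

    if (abrt) {
        frees += job_destroy(&j);   /* early cleanup on the error path */
        goto out;
    }

    j.out = malloc(SIZE);
    if (j.out != NULL)
        memcpy(j.out, j.in, SIZE);
out:
    frees += job_destroy(&j);       /* no-op for pointers already NULL */
    return frees;
}
```

On the abort path only `in` was allocated, and the second `job_destroy` call finds both pointers NULL, so each chunk is released exactly once.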
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-23918 | Apache HTTP Server http2 early reset double free and RCE vulnerability - Apache HTTP Server | 9.8 (AI) | Critical (AI) | 2026-05-04 |
| CVE-2026-5657 | Wireshark double free vulnerability - Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-33824 | Microsoft Windows IKE Extension resource management error vulnerability - Windows 10 Version 1607 | 9.8 | Critical | 2026-04-14 |
| CVE-2026-32074 | Microsoft Projected File System resource management error vulnerability - Windows 10 Version 1809 | 7.8 | High | 2026-04-14 |
| CVE-2026-32069 | Microsoft Projected File System resource management error vulnerability - Windows 10 Version 1809 | 7.8 | High | 2026-04-14 |
| CVE-2026-26163 | Microsoft Windows Kernel resource management error vulnerability - Windows 10 Version 1607 | 7.8 | High | 2026-04-14 |
| CVE-2026-32219 | Microsoft Brokering File System resource management error vulnerability - Windows 11 Version 24H2 | 7.0 | High | 2026-04-14 |
| CVE-2026-26179 | Microsoft Windows Kernel resource management error vulnerability - Windows 11 version 22H3 | 7.8 | High | 2026-04-14 |
| CVE-2026-26166 | Microsoft Windows Shell resource management error vulnerability - Windows 11 version 22H3 | 7.0 | High | 2026-04-14 |
| CVE-2026-34867 | Huawei HarmonyOS security vulnerability - HarmonyOS | 5.6 | Medium | 2026-04-13 |
| CVE-2026-5186 | stb resource management error vulnerability - stb | 5.3 | Medium | 2026-03-31 |
| CVE-2026-33995 | FreeRDP resource management error vulnerability - FreeRDP | 5.3 | Medium | 2026-03-30 |
| CVE-2026-4358 | MongoDB Server security vulnerability - MongoDB Server | 6.4 | Medium | 2026-03-17 |
| CVE-2026-28537 | Huawei HarmonyOS security vulnerability - HarmonyOS | 5.1 | Medium | 2026-03-05 |
| CVE-2025-12343 | FFmpeg security vulnerability | 3.3 | Low | 2026-02-18 |
| CVE-2026-25556 | MuPDF resource management error vulnerability - MuPDF | 7.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-20415 | MediaTek Chipsets security vulnerability - MediaTek chipset | 4.4 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2026-21918 | Juniper Networks Junos OS resource management error vulnerability - Junos OS | 7.5 | High | 2026-01-15 |
| CVE-2025-13844 | Schneider Electric EcoStruxure Power Build Rapsody resource management error vulnerability - EcoStruxure Power Build Rapsody | 7.8 (AI) | High (AI) | 2026-01-15 |
| CVE-2026-20863 | Microsoft Win32k resource management error vulnerability - Windows 11 version 22H3 | 7.0 | High | 2026-01-13 |
| CVE-2026-20832 | Microsoft Windows Remote Procedure Call Runtime resource management error vulnerability - Windows 10 Version 1607 | 7.8 | High | 2026-01-13 |
| CVE-2025-68657 | Espressif ESP-IDF security vulnerability - esp-usb | 6.4 | Medium | 2026-01-12 |
| CVE-2026-20026 | Cisco UTD SNORT IPS Engine Software and Cisco Secure Firewall Threat Defense Software resource management error vulnerability - Cisco Secure Firewall Threat Defense (FTD) Software | 5.8 | Medium | 2026-01-07 |
| CVE-2025-47396 | Qualcomm Chipsets security vulnerability - Snapdragon | 7.8 | High | 2026-01-06 |
| CVE-2025-47356 | Qualcomm Chipsets security vulnerability - Snapdragon | 7.8 | High | 2026-01-06 |
| CVE-2025-20786 | MediaTek chipsets security vulnerability - MediaTek chipset | 6.7 | - | 2026-01-06 |
| CVE-2025-20781 | MediaTek chipsets security vulnerability - MediaTek chipset | 6.7 | - | 2026-01-06 |
| CVE-2025-20801 | MediaTek chipsets security vulnerability - MediaTek chipset | 6.4 | - | 2026-01-06 |
| CVE-2025-65955 | ImageMagick resource management error vulnerability - ImageMagick | 4.9 | Medium | 2025-12-02 |
| CVE-2025-13566 | nnn resource management error vulnerability - nnn | 3.3 | Low | 2025-11-23 |

CWE-415 (Double Free) is a common weakness category; this platform lists 182 CVEs associated with it.