Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-415 (双重释放) — Vulnerability Class 182

182 vulnerabilities classified as CWE-415 (双重释放). AI Chinese analysis included.

CWE-415 represents a critical memory management weakness where a software product erroneously invokes the free function on the same memory address twice. This flaw typically arises from improper pointer handling or logic errors in deallocation sequences, leading to undefined behavior that attackers can exploit to achieve arbitrary code execution or cause denial-of-service conditions. By corrupting the heap’s internal metadata, a double free allows adversaries to manipulate memory allocation structures, potentially overwriting critical data or hijacking control flow. To prevent this vulnerability, developers must ensure that pointers are set to NULL immediately after being freed, thereby preventing subsequent deallocation attempts. Additionally, implementing robust memory management practices, such as using smart pointers in C++ or employing static analysis tools to detect duplicate free calls, significantly reduces the risk of this dangerous error occurring in production environments.

MITRE CWE Description
The product calls free() twice on the same memory address.
Common Consequences (1)
Integrity, Confidentiality, AvailabilityModify Memory, Execute Unauthorized Code or Commands
When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later…
Mitigations (3)
Architecture and DesignChoose a language that provides automatic memory management.
ImplementationEnsure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
ImplementationUse a static analysis tool to find double free instances.
Examples (2)
The following code shows a simple example of a double free vulnerability.
char* ptr = (char*)malloc (SIZE); ... if (abrt) { free(ptr); } ... free(ptr);
Bad · C
While contrived, this code should be exploitable on Linux distributions that do not ship with heap-chunk check summing turned on.
#include <stdio.h> #include <unistd.h> #define BUFSIZE1 512 #define BUFSIZE2 ((BUFSIZE1/2) - 8) int main(int argc, char **argv) { char *buf1R1; char *buf2R1; char *buf1R2; buf1R1 = (char *) malloc(BUFSIZE2); buf2R1 = (char *) malloc(BUFSIZE2); free(buf1R1); free(buf2R1); buf1R2 = (char *) malloc(BUFSIZE1); strncpy(buf1R2, argv[1], BUFSIZE1-1); free(buf2R1); free(buf1R2); }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset — Apache HTTP Server 9.8 -2026-05-04
CVE-2026-5657 Double Free in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability — Windows 10 Version 1607 9.8 Critical2026-04-14
CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability — Windows 10 Version 1809 7.8 High2026-04-14
CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability — Windows 10 Version 1809 7.8 High2026-04-14
CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability — Windows 10 Version 1607 7.8 High2026-04-14
CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability — Windows 11 Version 24H2 7.0 High2026-04-14
CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability — Windows 11 version 22H3 7.8 High2026-04-14
CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability — Windows 11 version 22H3 7.0 High2026-04-14
CVE-2026-34867 Huawei HarmonyOS 安全漏洞 — HarmonyOS 5.6 Medium2026-04-13
CVE-2026-5186 Nothings stb Multi-frame GIF File stb_image.h stbi__load_gif_main double free — stb 5.3 Medium2026-03-31
CVE-2026-33995 FreeRDP: Possible double free in kerberos_AcceptSecurityContext — FreeRDP 5.3 Medium2026-03-30
CVE-2026-4358 Memory safety issues in slot-based execution hash table spill — MongoDB Server 6.4 Medium2026-03-17
CVE-2026-28537 Huawei HarmonyOS 安全漏洞 — HarmonyOS 5.1 Medium2026-03-05
CVE-2025-12343 Ffmpeg: double-free vulnerability in ffmpeg tensorflow dnn backend 3.3 Low2026-02-18
CVE-2026-25556 MuPDF <= 1.27.0 Barcode Decoding Double Free — MuPDF 7.8AIHighAI2026-02-06
CVE-2026-20415 MediaTek Chipsets 安全漏洞 — MediaTek chipset 4.4AIMediumAI2026-02-02
CVE-2026-21918 Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes — Junos OS 7.5 High2026-01-15
CVE-2025-13844 Schneider Electric EcoStruxure Power Build Rapsody 资源管理错误漏洞 — EcoStruxure Power Build Rapsody 7.8AIHighAI2026-01-15
CVE-2026-20863 Win32k Elevation of Privilege Vulnerability — Windows 11 version 22H3 7.0 High2026-01-13
CVE-2026-20832 Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability — Windows 10 Version 1607 7.8 High2026-01-13
CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path — esp-usb 6.4 Medium2026-01-12
CVE-2026-20026 Multiple Cisco Products Snort 3 DCERPC Vulnerabilities — Cisco Secure Firewall Threat Defense (FTD) Software 5.8 Medium2026-01-07
CVE-2025-47396 Double Free in Graphics — Snapdragon 7.8 High2026-01-06
CVE-2025-47356 Double Free in Video — Snapdragon 7.8 High2026-01-06
CVE-2025-20786 MediaTek chipsets 安全漏洞 — MediaTek chipset 6.7 -2026-01-06
CVE-2025-20781 MediaTek chipsets 安全漏洞 — MediaTek chipset 6.7 -2026-01-06
CVE-2025-20801 MediaTek chipsets 安全漏洞 — MediaTek chipset 6.4 -2026-01-06
CVE-2025-65955 ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family — ImageMagick 4.9 Medium2025-12-02
CVE-2025-13566 jarun nnn nnn.c run_cmd_as_plugin double free — nnn 3.3 Low2025-11-23

Vulnerabilities classified as CWE-415 (双重释放) represent 182 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.