Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-415 (双重释放) — Vulnerability Class 182

182 vulnerabilities classified as CWE-415 (双重释放). AI Chinese analysis included.

CWE-415 represents a critical memory management weakness where a software product erroneously invokes the free function on the same memory address twice. This flaw typically arises from improper pointer handling or logic errors in deallocation sequences, leading to undefined behavior that attackers can exploit to achieve arbitrary code execution or cause denial-of-service conditions. By corrupting the heap’s internal metadata, a double free allows adversaries to manipulate memory allocation structures, potentially overwriting critical data or hijacking control flow. To prevent this vulnerability, developers must ensure that pointers are set to NULL immediately after being freed, thereby preventing subsequent deallocation attempts. Additionally, implementing robust memory management practices, such as using smart pointers in C++ or employing static analysis tools to detect duplicate free calls, significantly reduces the risk of this dangerous error occurring in production environments.

MITRE CWE Description
The product calls free() twice on the same memory address.
Common Consequences (1)
Integrity, Confidentiality, AvailabilityModify Memory, Execute Unauthorized Code or Commands
When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later…
Mitigations (3)
Architecture and DesignChoose a language that provides automatic memory management.
ImplementationEnsure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
ImplementationUse a static analysis tool to find double free instances.
Examples (2)
The following code shows a simple example of a double free vulnerability.
char* ptr = (char*)malloc (SIZE); ... if (abrt) { free(ptr); } ... free(ptr);
Bad · C
While contrived, this code should be exploitable on Linux distributions that do not ship with heap-chunk check summing turned on.
#include <stdio.h> #include <unistd.h> #define BUFSIZE1 512 #define BUFSIZE2 ((BUFSIZE1/2) - 8) int main(int argc, char **argv) { char *buf1R1; char *buf2R1; char *buf1R2; buf1R1 = (char *) malloc(BUFSIZE2); buf2R1 = (char *) malloc(BUFSIZE2); free(buf1R1); free(buf2R1); buf1R2 = (char *) malloc(BUFSIZE1); strncpy(buf1R2, argv[1], BUFSIZE1-1); free(buf2R1); free(buf1R2); }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2024-39564 Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash — Junos OS 7.5 High2025-02-05
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability — Windows 10 Version 1809 8.8 High2025-01-14
CVE-2024-12107 Double Free in µD3TN — µD3TN 7.5 High2024-12-04
CVE-2024-10934 OpenBSD NFS double-free vulnerability — OpenBSD 9.8 Critical2024-11-15
CVE-2024-47426 Substance3D - Painter | Double Free (CWE-415) — Substance3D - Painter 7.8 High2024-11-12
CVE-2024-49014 SQL Server Native Client Remote Code Execution Vulnerability — Microsoft SQL Server 2017 (GDR) 8.8 High2024-11-12
CVE-2024-43640 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability — Windows Server 2022 7.8 High2024-11-12
CVE-2024-43447 Windows SMBv3 Server Remote Code Execution Vulnerability — Windows Server 2022 8.1 High2024-11-12
CVE-2024-47404 Liteos_a has a double free vulnerability — OpenHarmony 8.4 High2024-11-05
CVE-2024-3935 Eclipse Mosquito: Double free vulnerability — mosquitto 9.8AICriticalAI2024-10-30
CVE-2024-45402 Picotls double free — picotls 8.6 High2024-10-11
CVE-2024-43514 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability — Windows 11 Version 24H2 7.8 High2024-10-08
CVE-2024-23379 Double Free in DSP Services — Snapdragon 6.7 Medium2024-10-07
CVE-2024-20498 Cisco Meraki Z Series Teleworker Gateway和Cisco Meraki MX 安全漏洞 — Cisco Meraki MX Firmware 8.6 High2024-10-02
CVE-2024-38247 Windows Graphics Component Elevation of Privilege Vulnerability — Windows 10 Version 1809 7.8 High2024-09-10
CVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support. — libpcap 4.4 Medium2024-08-30
CVE-2024-38157 Azure IoT SDK Remote Code Execution Vulnerability — Azure IoT Hub Device Client SDK 7.0 High2024-08-13
CVE-2024-41957 Vim double free in src/alloc.c:616 — vim 4.5 Medium2024-08-01
CVE-2024-30013 Windows MultiPoint Services Remote Code Execution Vulnerability — Windows 10 Version 1809 8.8 High2024-07-09
CVE-2024-38087 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability — Microsoft SQL Server 2017 (GDR) 8.8 High2024-07-09
CVE-2024-21461 Double Free in HLOS — Snapdragon 8.4 High2024-07-01
CVE-2024-23141 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software — AutoCAD 7.8 High2024-06-25
CVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability — Windows 10 Version 1809 8.8 High2024-06-11
CVE-2024-27127 QTS, QuTS hero — QTS 7.2 High2024-05-21
CVE-2024-30027 NTFS Elevation of Privilege Vulnerability — Windows 10 Version 1809 7.8 High2024-05-14
CVE-2023-44247 Fortinet FortiOS 资源管理错误漏洞 — FortiOS 6.5 Medium2024-05-14
CVE-2023-52384 Huawei HarmonyOS 安全漏洞 — HarmonyOS 4.7 Medium2024-05-11
CVE-2023-52383 Huawei HarmonyOS 安全漏洞 — HarmonyOS 4.7 Medium2024-05-11
CVE-2021-34981 Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability — Kernel 6.7 -2024-05-07
CVE-2024-3446 Qemu: virtio: dma reentrancy issue leads to double free vulnerability — Red Hat Enterprise Linux 8 8.2 High2024-04-09

Vulnerabilities classified as CWE-415 (双重释放) represent 182 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.