
CWE-415 (Double Free) — Vulnerability Class 182

182 vulnerabilities classified as CWE-415 (Double Free). AI Chinese analysis included.

CWE-415 represents a critical memory management weakness where a software product erroneously invokes the free function on the same memory address twice. This flaw typically arises from improper pointer handling or logic errors in deallocation sequences, leading to undefined behavior that attackers can exploit to achieve arbitrary code execution or cause denial-of-service conditions. By corrupting the heap’s internal metadata, a double free allows adversaries to manipulate memory allocation structures, potentially overwriting critical data or hijacking control flow. To prevent this vulnerability, developers must ensure that pointers are set to NULL immediately after being freed, thereby preventing subsequent deallocation attempts. Additionally, implementing robust memory management practices, such as using smart pointers in C++ or employing static analysis tools to detect duplicate free calls, significantly reduces the risk of this dangerous error occurring in production environments.

MITRE CWE Description
The product calls free() twice on the same memory address.
Common Consequences (1)
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands
When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later…
Mitigations (3)
Architecture and Design: Choose a language that provides automatic memory management.
Implementation: Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Implementation: Use a static analysis tool to find double free instances.
Examples (2)
The following code shows a simple example of a double free vulnerability.
    char* ptr = (char*)malloc (SIZE);
    ...
    if (abrt) {
        free(ptr);
    }
    ...
    free(ptr);
Bad · C
While contrived, this code should be exploitable on Linux distributions that do not ship with heap-chunk check summing turned on.
    #include <stdio.h>
    #include <stdlib.h>   /* malloc, free */
    #include <string.h>   /* strncpy */
    #include <unistd.h>

    #define BUFSIZE1 512
    #define BUFSIZE2 ((BUFSIZE1/2) - 8)

    int main(int argc, char **argv) {
        char *buf1R1;
        char *buf2R1;
        char *buf1R2;

        buf1R1 = (char *) malloc(BUFSIZE2);
        buf2R1 = (char *) malloc(BUFSIZE2);
        free(buf1R1);
        free(buf2R1);                          /* first release of buf2R1 */
        buf1R2 = (char *) malloc(BUFSIZE1);
        strncpy(buf1R2, argv[1], BUFSIZE1-1);
        free(buf2R1);                          /* second release of buf2R1: the double free */
        free(buf1R2);
    }
Bad · C
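A hardened counterpart to the two Bad examples, following the Implementation mitigation above: release once, set the pointer to NULL, and keep clean-up correct in every allocation state, including after ownership has passed to the caller. This is an added example, not MITRE's code; `copy_record`, `xalloc`, `FREE_AND_NULL` and `live_blocks` are hypothetical names, and the counter exists only so the outcome can be checked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_blocks = 0;  /* constructed bookkeeping: blocks currently owned */

static void *xalloc(size_t n) {          /* hypothetical helper: counted malloc */
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}

/* Release and clear in one step: a repeated release then reaches free(NULL),
 * which the C standard defines as a no-op. */
#define FREE_AND_NULL(p) do { if (p) live_blocks--; free(p); (p) = NULL; } while (0)

/* Same shape as the first Bad example (early release when abrt is set, common
 * release at the end). Returns 0 and hands *out to the caller, or -1. */
int copy_record(const char *src, int abrt, char **out) {
    int rc = -1;
    size_t n = strlen(src) + 1;
    char *tmp = xalloc(n);
    char *result = xalloc(n);

    *out = NULL;
    if (!tmp || !result) goto cleanup;
    memcpy(tmp, src, n);
    if (abrt) {
        FREE_AND_NULL(tmp);      /* early release on the error path */
        goto cleanup;
    }
    memcpy(result, tmp, n);
    *out = result;               /* ownership moves to the caller ... */
    result = NULL;               /* ... so cleanup must not release it */
    rc = 0;
cleanup:                         /* single exit, safe in every allocation state */
    FREE_AND_NULL(tmp);
    FREE_AND_NULL(result);
    return rc;
}

int main(void) {
    char *rec = NULL;
    int rc = copy_record("constructed sample", 0, &rec);
    printf("success rc=%d rec=%s live=%d\n", rc, rec ? rec : "(none)", live_blocks);
    FREE_AND_NULL(rec);
    rc = copy_record("constructed sample", 1, &rec);
    printf("abort   rc=%d live=%d\n", rc, live_blocks);
    return 0;
}
```

If the early release left `tmp` dangling, the common clean-up would pass the same address to `free()` a second time and `live_blocks` would end at -1 instead of 0.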
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2024-04-09 |
| CVE-2024-2002 | Libdwarf: crashes randomly on fuzzed object | 7.5 | High | 2024-03-18 |
| CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability — Windows Server 2022 | 7.0 | High | 2024-03-12 |
| CVE-2024-27099 | Azure IoT Platform Device SDK Double Free Vulnerability — azure-uamqp-c | 9.8 | Critical | 2024-02-27 |
| CVE-2024-22097 | Biosig Project libbiosig security vulnerability — libbiosig | 9.8 | Critical | 2024-02-20 |
| CVE-2024-23809 | Biosig Project libbiosig resource management error vulnerability — libbiosig | 9.8 | Critical | 2024-02-20 |
| CVE-2023-38562 | Weston Embedded uC-TCP-IP resource management error vulnerability — uC-TCP-IP | 8.7 | High | 2024-02-20 |
| CVE-2024-21606 | Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flowd will crash — Junos OS | 7.5 | High | 2024-01-12 |
| CVE-2023-1032 | Linux kernel security vulnerability — linux | 4.7 | Medium | 2024-01-08 |
| CVE-2023-28583 | Double Free in Data Network Stack & Connectivity — Snapdragon | 6.7 | Medium | 2024-01-02 |
| CVE-2023-4256 | Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c — tcpreplay | 5.5 | Medium | 2023-12-21 |
| CVE-2023-41678 | Fortinet FortiOS resource management error vulnerability — FortiOS | 8.3 | High | 2023-12-13 |
| CVE-2023-45679 | Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis — stb | 7.3 | High | 2023-10-20 |
| CVE-2023-45666 | Possible double-free or memory leak in stbi__load_gif_main in stb_image — stb | 7.3 | High | 2023-10-20 |
| CVE-2023-45664 | Double-free in stbi__load_gif_main_outofmem in stb_image — stb | 7.3 | High | 2023-10-20 |
| CVE-2023-42459 | Malformed DATA submessage leads to bad-free error in Fast-DDS — Fast-DDS | 8.6 | High | 2023-10-16 |
| CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability — Azure RTOS GUIX Studio | 7.8 | High | 2023-10-10 |
| CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability — Microsoft SQL Server 2019 (GDR) | 7.8 | High | 2023-10-10 |
| CVE-2023-41325 | OP-TEE double free in shdr_verify_signature — optee_os | 7.4 | High | 2023-09-15 |
| CVE-2023-4389 | Kernel: btrfs: double free in btrfs_get_root_ref() — Kernel | 7.0 | High | 2023-08-16 |
| CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability — Microsoft Office 2019 | 7.8 | High | 2023-08-08 |
| CVE-2023-33952 | Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects — Red Hat Enterprise Linux 8 | 6.7 | Medium | 2023-07-24 |
| CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability — Microsoft Office 2019 for Mac | 7.8 | High | 2023-07-11 |
| CVE-2023-21629 | Double Free in Modem — Snapdragon | 6.8 | Medium | 2023-07-04 |
| CVE-2023-3312 | Linux kernel resource management error vulnerability — Kernel | 5.5 | - | 2023-06-19 |
| CVE-2023-29368 | Windows Filtering Platform Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.0 | High | 2023-06-13 |
| CVE-2023-29366 | Windows Geolocation Service Remote Code Execution Vulnerability — Windows Server 2022 | 7.8 | High | 2023-06-13 |
| CVE-2023-33137 | Microsoft Excel Remote Code Execution Vulnerability — Microsoft Office 2019 | 7.8 | High | 2023-06-13 |
| CVE-2022-40522 | Double free in Linux Networking — Snapdragon | 8.4 | High | 2023-06-06 |
| CVE-2022-40507 | Double free in Core — Snapdragon | 8.4 | High | 2023-06-06 |

Vulnerabilities classified as CWE-415 (Double Free) represent 182 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.