CWE-415 (Double Free) — Vulnerability Class 182

182 vulnerabilities classified as CWE-415 (Double Free). AI Chinese analysis included.

CWE-415 represents a critical memory management weakness where a software product erroneously invokes the free function on the same memory address twice. This flaw typically arises from improper pointer handling or logic errors in deallocation sequences, leading to undefined behavior that attackers can exploit to achieve arbitrary code execution or cause denial-of-service conditions. By corrupting the heap’s internal metadata, a double free allows adversaries to manipulate memory allocation structures, potentially overwriting critical data or hijacking control flow. To prevent this vulnerability, developers must ensure that pointers are set to NULL immediately after being freed, thereby preventing subsequent deallocation attempts. Additionally, implementing robust memory management practices, such as using smart pointers in C++ or employing static analysis tools to detect duplicate free calls, significantly reduces the risk of this dangerous error occurring in production environments.

MITRE CWE Description
The product calls free() twice on the same memory address.
Common Consequences (1)
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands
When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later…
Mitigations (3)
Architecture and Design: Choose a language that provides automatic memory management.
Implementation: Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Implementation: Use a static analysis tool to find double free instances.
Examples (2)
The following code shows a simple example of a double free vulnerability.
```c
char* ptr = (char*)malloc (SIZE);
...
if (abrt) {
    free(ptr);
}
...
free(ptr);
```
Bad · C
While contrived, this code should be exploitable on Linux distributions that do not ship with heap-chunk check summing turned on.
```c
#include <stdio.h>
#include <stdlib.h>   /* malloc, free */
#include <string.h>   /* strncpy */
#include <unistd.h>

#define BUFSIZE1 512
#define BUFSIZE2 ((BUFSIZE1/2) - 8)

int main(int argc, char **argv) {
    char *buf1R1;
    char *buf2R1;
    char *buf1R2;

    buf1R1 = (char *) malloc(BUFSIZE2);
    buf2R1 = (char *) malloc(BUFSIZE2);
    free(buf1R1);
    free(buf2R1);                          /* first free of buf2R1 */
    buf1R2 = (char *) malloc(BUFSIZE1);
    strncpy(buf1R2, argv[1], BUFSIZE1-1);
    free(buf2R1);                          /* second free of the same pointer */
    free(buf1R2);
}
```
Bad · C
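A hardened counterpart to the first example's control flow (conditional free on an error path, then an unconditional free at exit), added here as an illustration and not taken from the MITRE entry or this page. It applies the Implementation mitigation above: one cleanup path and a release helper that clears the owner's pointer. The names `xalloc`, `release`, `handle_request`, `fail_at`, `balance` and the counters are constructed for the example.

```c
#include <stdlib.h>
#include <string.h>

enum { HDR_SIZE = 32, BODY_SIZE = 64 };
static int n_alloc, n_free;   /* constructed counters: allocations, real frees */

static void *xalloc(size_t n)
{
    void *p = malloc(n);
    n_alloc += (p != NULL);
    return p;
}

/* Free *pp once and clear the owner's pointer, so a repeat call is a no-op.
 * Only this variable is guarded; a copy held elsewhere would still dangle. */
static void release(char **pp)
{
    if (*pp != NULL) {
        free(*pp);
        *pp = NULL;
        n_free++;
    }
}

/* fail_at (hypothetical): 0 = success, 1 = fail after the first allocation,
 * 2 = fail after the second. Returns 0 on success, -1 on failure. */
int handle_request(const char *input, int fail_at)
{
    char *hdr = xalloc(HDR_SIZE), *body = NULL;
    int rc = -1;
    if (hdr == NULL || fail_at == 1)
        goto cleanup;
    body = xalloc(BODY_SIZE);
    if (body == NULL || fail_at == 2) {
        release(&hdr);      /* early free on the error path */
        goto cleanup;
    }
    strncpy(body, input, BODY_SIZE - 1);
    body[BODY_SIZE - 1] = '\0';
    rc = 0;
cleanup:
    release(&body);         /* common exit: each pointer is freed at most once */
    release(&hdr);
    return rc;
}

int balance(void) { return n_alloc - n_free; }  /* 0: each chunk freed exactly once */

int main(void) { return (handle_request("demo", 2) == -1 && balance() == 0) ? 0 : 1; }
```

With `fail_at == 2` the header buffer is released on the error path and again at `cleanup`; the second call sees NULL and never reaches `free()`.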
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-33307 | Double free in Automotive — Snapdragon | 8.4 | High | 2023-06-06 |
| CVE-2022-33227 | Double free in Linux-Android — Snapdragon | 6.7 | Medium | 2023-06-06 |
| CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.1 | High | 2023-05-09 |
| CVE-2023-21500 | SAMSUNG Mobile devices resource management error vulnerability — Samsung Mobile Devices | 6.0 | Medium | 2023-05-04 |
| CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability — Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | 7.8 | High | 2023-04-11 |
| CVE-2022-33231 | Double free in Core — Snapdragon | 9.3 | Critical | 2023-04-04 |
| CVE-2023-27537 | curl resource management error vulnerability — https://github.com/curl/curl | 7.4 | - | 2023-03-30 |
| CVE-2023-25801 | TensorFlow has double free in Fractional(Max/Avg)Pool — tensorflow | 8.0 | High | 2023-03-24 |
| CVE-2023-1449 | GPAC av_parsers.c gf_av1_reset_state double free — GPAC | 5.3 | Medium | 2023-03-17 |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2023-03-14 |
| CVE-2022-40515 | Double free in Video — Snapdragon | 7.3 | High | 2023-03-07 |
| CVE-2022-20803 | ClamAV Double-free Vulnerability in the OLE2 File Parser — ClamAV | 8.6 | High | 2023-02-17 |
| CVE-2022-40683 | Fortinet FortiWeb resource management error vulnerability — FortiWeb | 7.1 | High | 2023-02-16 |
| CVE-2022-3806 | Bluetooth HCI Error Handling Double Free — zephyr | 9.8 | - | 2023-01-19 |
| CVE-2022-32574 | Abode Iota resource management error vulnerability — iota All-In-One Security Kit | 8.1 | - | 2022-10-25 |
| CVE-2022-36043 | Rizin Double Free in bobj.c when using qnx binary plugin — rizin | 7.8 | High | 2022-09-06 |
| CVE-2022-2519 | LibTIFF resource management error vulnerability — libtiff | 7.5 | - | 2022-08-31 |
| CVE-2020-27794 | radare2 resource management error vulnerability — radare2 | 8.1 | - | 2022-08-19 |
| CVE-2022-31614 | NVIDIA vGPU Software resource management error vulnerability — NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming | 7.0 | High | 2022-08-05 |
| CVE-2022-32962 | HiCOS’ client-side citizen digital certificate - Double Free — HiCOS’ client-side citizen digital certificate | 6.8 | Medium | 2022-07-20 |
| CVE-2022-31117 | Double free of buffer during string decoding in ujson — ultrajson | 5.9 | Medium | 2022-07-05 |
| CVE-2022-29032 | Siemens JT2GO and Siemens Teamcenter Visualization resource management error vulnerability — JT2Go | 7.8 | - | 2022-05-10 |
| CVE-2021-23158 | HTMLDOC resource management error vulnerability — htmldoc | 7.8 | - | 2022-03-16 |
| CVE-2021-42533 | Adobe Bridge DCM File Parsing Double Free Remote Code Execution Vulnerability — Bridge | 7.8 | - | 2022-03-16 |
| CVE-2021-46625 | Bentley Systems Bentley View resource management error vulnerability — View | 7.8 | - | 2022-02-18 |
| CVE-2021-46621 | Bentley Systems MicroStation resource management error vulnerability — MicroStation CONNECT | 7.8 | - | 2022-02-18 |
| CVE-2021-4091 | 389-ds-base resource management error vulnerability — 389-ds-base | 7.5 | - | 2022-02-18 |
| CVE-2021-22600 | Double Free in net/packet/af_packet.c leading to privilege escalation — Kernel | 6.6 | Medium | 2022-01-26 |
| CVE-2022-23012 | F5 BIG-IP resource management error vulnerability — BIG-IP | 7.5 | - | 2022-01-25 |
| CVE-2021-1119 | Nvidia vGPU Software resource management error vulnerability — NVIDIA Virtual GPU Software | 7.1 | High | 2021-10-29 |

182 CVEs are classified as CWE-415 (Double Free). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.