Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-415 (双重释放) — Vulnerability Class 182

182 vulnerabilities classified as CWE-415 (双重释放). AI Chinese analysis included.

CWE-415 represents a critical memory management weakness where a software product erroneously invokes the free function on the same memory address twice. This flaw typically arises from improper pointer handling or logic errors in deallocation sequences, leading to undefined behavior that attackers can exploit to achieve arbitrary code execution or cause denial-of-service conditions. By corrupting the heap’s internal metadata, a double free allows adversaries to manipulate memory allocation structures, potentially overwriting critical data or hijacking control flow. To prevent this vulnerability, developers must ensure that pointers are set to NULL immediately after being freed, thereby preventing subsequent deallocation attempts. Additionally, implementing robust memory management practices, such as using smart pointers in C++ or employing static analysis tools to detect duplicate free calls, significantly reduces the risk of this dangerous error occurring in production environments.

MITRE CWE Description
The product calls free() twice on the same memory address.
Common Consequences (1)
Integrity, Confidentiality, AvailabilityModify Memory, Execute Unauthorized Code or Commands
When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later…
Mitigations (3)
Architecture and DesignChoose a language that provides automatic memory management.
ImplementationEnsure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
ImplementationUse a static analysis tool to find double free instances.
Examples (2)
The following code shows a simple example of a double free vulnerability.
char* ptr = (char*)malloc (SIZE); ... if (abrt) { free(ptr); } ... free(ptr);
Bad · C
While contrived, this code should be exploitable on Linux distributions that do not ship with heap-chunk check summing turned on.
#include <stdio.h> #include <unistd.h> #define BUFSIZE1 512 #define BUFSIZE2 ((BUFSIZE1/2) - 8) int main(int argc, char **argv) { char *buf1R1; char *buf2R1; char *buf1R2; buf1R1 = (char *) malloc(BUFSIZE2); buf2R1 = (char *) malloc(BUFSIZE2); free(buf1R1); free(buf2R1); buf1R2 = (char *) malloc(BUFSIZE1); strncpy(buf1R2, argv[1], BUFSIZE1-1); free(buf2R1); free(buf1R2); }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-21797 Nitro Software Nitro Pro 资源管理错误漏洞 — Nitro Pro 7.8 -2021-10-18
CVE-2021-25477 Samsung SMR 资源管理错误漏洞 — Samsung Mobile Devices 4.4 Medium2021-10-06
CVE-2021-1565 Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities — Cisco IOS XE Software 8.6 High2021-09-23
CVE-2021-34769 Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities — Cisco IOS XE Software 8.6 High2021-09-23
CVE-2021-34768 Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities — Cisco IOS XE Software 8.6 High2021-09-23
CVE-2021-22945 libcurl 资源管理错误漏洞 — https://github.com/curl/curl 9.1 -2021-09-23
CVE-2021-34734 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability — Cisco Video Surveillance 7000 Series IP Cameras 6.5 Medium2021-08-18
CVE-2021-34333 Siemens Jt2go 和 Siemens Teamcenter Visualization 资源管理错误漏洞 — JT2Go 5.5 -2021-07-13
CVE-2021-3564 Linux kernel 资源管理错误漏洞 — kernel 5.5 -2021-06-08
CVE-2021-31449 Foxit Reader 资源管理错误漏洞 — Reader 7.8 -2021-05-07
CVE-2021-3492 Ubuntu linux kernel shiftfs file system double free vulnerability — Linux kernel 8.8 High2021-04-17
CVE-2021-3407 artifex mupdf 资源管理错误漏洞 — mupdf 5.5 -2021-02-23
CVE-2020-15710 Potential double-free in pulseaudio — PulseAudio 5.3 Medium2020-11-19
CVE-2020-9747 Double-free vulnerability in Adobe Animate 20.5 — Animate 7.8 High2020-10-21
CVE-2020-1686 Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet. — Junos OS 7.5 High2020-10-16
CVE-2020-25637 Red Hat libvirt 资源管理错误漏洞 — libvirt 7.2 -2020-10-06
CVE-2020-16217 Advantech WebAccess HMI Designer 资源管理错误漏洞 — Advantech WebAccess HMI Designer 7.8 -2020-08-06
CVE-2020-1647 Junos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled — Junos OS 9.8 Critical2020-07-17
CVE-2020-11017 Double free in cliprdr_server_receive_capabilities in FreeRDP — FreeRDP 6.5 Medium2020-05-29
CVE-2020-11044 Double Free in FreeRDP — FreeRDP 2.2 Low2020-05-07
CVE-2020-3179 Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability — Cisco Firepower Threat Defense Software 7.5 -2020-05-06
CVE-2019-11049 mail() may release string with refcount==1 twice — PHP 6.5 Medium2019-12-23
CVE-2019-11932 Facebook WhatsApp 资源管理错误漏洞 — android-gif-drawable 8.8 -2019-10-03
CVE-2019-5481 Haxx libcurl 资源管理错误漏洞 — curl 9.8 -2019-09-16
CVE-2019-5460 VideoLAN VLC media player 资源管理错误漏洞 — VLC Media Player 5.5 -2019-07-30
CVE-2018-0469 Cisco IOS XE Software Web UI Denial of Service Vulnerability — Cisco IOS XE Software 8.6 -2018-10-05
CVE-2018-8835 Advantech WebAccess HMI Designer 安全漏洞 — Advantech WebAccess HMI Designer 7.8 -2018-04-25
CVE-2018-0160 Cisco IOS XE Software Simple Network Management Protocol子系统安全漏洞 — Cisco IOS XE 7.7 -2018-03-28
CVE-2018-7523 Omron CX-Supervisor 缓冲区错误漏洞 — Omron CX-Supervisor 5.3 -2018-03-21
CVE-2018-5379 Quagga BGP daemon 安全漏洞 — bgpd 9.8 -2018-02-19

Vulnerabilities classified as CWE-415 (双重释放) represent 182 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.