CWE-415 799 個 CVE MITRE 定義 ↗

CWE-415:Double Free

概覽

CWE-415(Double Free)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product calls free() twice on the same memory address.

適用平台

類型 名稱 普遍性 OS / CPE
language Memory-Unsafe Often
language C Undetermined
language C++ Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-14604 2026-07-03 A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY…
CVE-2026-58381 2026-07-02 A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause…
CVE-2026-10653 2026-06-30 The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count at the start of each variable/heap data allocation -…
CVE-2026-14164 2026-06-30 A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking st…
CVE-2026-43706 2026-06-29 A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an un…
CVE-2026-55653 2026-06-23 A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Proc…
CVE-2026-56109 2026-06-22 The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously …
CVE-2026-11576 2026-06-19 The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally call…
CVE-2026-12043 2026-06-12 Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting clien…
CVE-2026-46690 2026-06-12 unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of pu…
CVE-2026-35188 2026-06-09 Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification…
CVE-2026-45324 2026-05-29 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vuln…
CVE-2026-44422 2026-05-29 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracki…
CVE-2026-46189 2026-05-28 In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called…
CVE-2026-46183 2026-05-28 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock damon_sysfs_quot_goal->path can be read and written by users, v…
CVE-2026-46164 2026-05-28 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path When kobject_init_and_add() fails, the call chain is: create_s…
CVE-2026-46162 2026-05-28 In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev…
CVE-2026-46129 2026-05-28 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info(…
CVE-2026-45920 2026-05-27 In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4_put_sup…
CVE-2026-45891 2026-05-27 In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3_set_ringparam(), a temporary copy (tmp_rings) of the ring structure i…

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Demonstrative_Examples
2009-10-29 CWE Content Team 1.6 updated Other_Notes
2010-09-27 CWE Content Team 1.10 updated Relationships
2010-12-13 CWE Content Team 1.11 updated Observed_Examples, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, White_Box_Definitions
2019-01-03 CWE Content Team 3.2 updated Relationships
2019-06-20 CWE Content Team 3.3 updated Relationships
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2020-06-25 CWE Content Team 4.1 updated Common_Consequences
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Maintenance_Notes, Theoretical_Notes
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-04-28 CWE Content Team 4.7 updated Demonstrative_Examples, Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Common_Consequences, Description, Diagram
2025-09-09 CWE Content Team 4.18 updated Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, References, Weakness_Ordinalities
cvelogic Threat Intelligence