CWE-415 - Double Free

Description

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc to return the same pointer. If malloc returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack. Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code. The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-415

Multiple vulnerabilities in Dell Networking OS10 2024-04-23
High Yes

Double free in IBM Power System 2024-04-22
Medium Yes

SolarWinds Security Event Manager (SEM) update for third-party components 2024-04-17
Medium Yes

Multiple vulnerabilities in Juniper Networks Junos cRPD 2024-04-15
High Yes

Multiple vulnerabilities in Juniper Cloud Native Router 2024-04-15
High Yes

Denial of service in libdwarf 2024-04-15
Medium Yes

Multiple vulnerabilities in Siemens Telecontrol Server Basic 2024-04-15
High Yes

Remote code execution in Microsoft Excel 2024-04-10
High Yes

Remote code execution in yyjson library 2024-04-09
High Yes

Multiple vulnerabilities in IBM Operations Analytics Predictive Insights 2024-04-08
High Yes

References

Description of CWE-415 on Mitre website