Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-1032 2Canonical Linux 2Linux Kernel Ubuntu Linux Nov 21, 2024 Jan 8, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15...Show more The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.Show less
CVE-2022-2588 2Canonical Linux 2Linux Kernel Ubuntu Linux Nov 21, 2024 Jan 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVE-2023-28583 1Qualcomm 30Aqt1000 Firmware Fastconnect 6200 FirmwareQca6420 Firmware+27 more Nov 21, 2024 Jan 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.
CVE-2023-52284 1Bytecodealliance 1Webassembly Micro Runtime Nov 21, 2024 Dec 31, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
CVE-2023-4256 2Broadcom Fedoraproject 3Extra Packages For Enterprise Linux FedoraTcpreplay Nov 21, 2024 Dec 21, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted f...Show more Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.Show less
CVE-2023-49937 1Schedmd 1Slurm Nov 4, 2025 Dec 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and...Show more An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.Show less
CVE-2023-41678 1Fortinet 2Fortios Fortipam Nov 21, 2024 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
CVE-2023-40103 1Google 1Android Nov 21, 2024 Dec 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...Show more In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-48013 1Gpac 1Gpac Nov 21, 2024 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
CVE-2023-43281 1Nothings 1Stb Image.h Nov 21, 2024 Oct 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
CVE-2023-45679 1Nothings 1Stb Vorbis.c Nov 21, 2024 Oct 21, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers...Show more stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.Show less
CVE-2023-45666 1Nothings 1Stb Image.h Nov 21, 2024 Oct 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `delays` upon failure. Although it sets `delays`...Show more stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `delays` upon failure. Although it sets `delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freedShow less
CVE-2023-45664 1Nothings 1Stb Image.h Nov 21, 2024 Oct 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` becaus...Show more stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.Show less
CVE-2023-42459 1Eprosima 1Fast Dds Apr 11, 2025 Oct 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a...Show more Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-36420 1Microsoft 2Odbc Driver For Sql Server Sql Server Nov 21, 2024 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-36418 1Microsoft 1Azure Rtos Guix Studio Nov 21, 2024 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2023-32824 1Google 1Android Nov 21, 2024 Oct 2, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS...Show more In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961.Show less
CVE-2023-41911 1Samsung 1Exynos 2200 Firmware Nov 21, 2024 Sep 28, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).
CVE-2023-41374 1Jtekt 1Kostac Plc Nov 21, 2024 Sep 20, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming...Show more Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.Show less
CVE-2023-41325 1Linaro 1Op Tee Nov 21, 2024 Sep 15, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_...Show more OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.Show less

Previous 1...161718...40 Next