Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVEs (781)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25136 3Fedoraproject NetappOpenbsd 6500f Firmware A250 FirmwareC250 Firmware+3 more May 28, 2026 Feb 3, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the defaul...Show more OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."Show less
CVE-2022-3806 1Zephyrproject 1Zephyr Apr 3, 2025 Jan 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
CVE-2022-25717 1Qualcomm 45Apq8096au Firmware Aqt1000 FirmwareMdm9150 Firmware+42 more Apr 9, 2025 Jan 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in display due to double free while allocating frame buffer memory
CVE-2022-47975 1Huawei 2Emui Harmonyos Apr 9, 2025 Jan 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-44640 2Heimdal Project Samba 2Heimdal Samba Apr 15, 2025 Dec 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
CVE-2022-40304 3Apple NetappXmlsoft 17Active Iq Unified Manager Clustered Data OntapClustered Data Ontap Antivirus Connector+14 more Apr 28, 2025 Nov 23, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
CVE-2022-3238 1Linux 1Linux Kernel May 1, 2025 Nov 14, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-32614 1Google 1Android May 1, 2025 Nov 8, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: A...Show more In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571.Show less
CVE-2021-39432 1Diplib 1Diplib May 2, 2025 Nov 4, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 diplib v3.0.0 is vulnerable to Double Free.
CVE-2022-42915 5Apple FedoraprojectHaxx+2 more 9Curl FedoraH300s Firmware+6 more May 7, 2025 Oct 29, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels...Show more curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.Show less
CVE-2022-32574 1Goabode 1Iota All In One Security Kit Firmware Nov 21, 2024 Oct 25, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corru...Show more A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2022-25750 1Qualcomm 15Kailua Firmware Sg8275 FirmwareSg8275p Firmware+12 more May 13, 2025 Oct 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
CVE-2022-25660 1Qualcomm 93Aqt1000 Firmware Ar8035 FirmwareQam8295p Firmware+90 more May 15, 2025 Oct 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-3595 1Linux 1Linux Kernel Nov 21, 2024 Oct 18, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to dou...Show more A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364.Show less
CVE-2022-0699 1Osgeo 1Shapelib Jan 24, 2026 Oct 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
CVE-2019-5797 1Google 1Chrome May 20, 2025 Sep 29, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-39002 1Huawei 3Emui HarmonyosMagic Ui Nov 21, 2024 Sep 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.
CVE-2022-36043 1Rizin 1Rizin Nov 21, 2024 Sep 6, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx bina...Show more Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue.Show less
CVE-2022-25668 1Qualcomm 146Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+143 more Nov 21, 2024 Sep 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag...Show more Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2022-39170 2Fedoraproject Libdwarf Project 2Fedora Libdwarf Nov 21, 2024 Sep 2, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

Previous 1...192021...40 Next