CWE-415: Double Free
ID
CWE-415
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
500
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | C | ||
| Language | C++ |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-825 | Expired Pointer Dereference | Base | Simple | Incomplete | |
| CWE-1000 | Research Concepts | Draft | CWE-1341 | Multiple Releases of Same Resource or Handle | Base | Simple | Incomplete | |
| CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-672 | Operation on a Resource after Expiration or Release | Class | Simple | Draft | |
| CWE-1305 | CISQ Quality Measures (2020) | Incomplete | CWE-672 | Operation on a Resource after Expiration or Release | Class | Simple | Draft | |
| CWE-1340 | CISQ Data Protection Measures | Incomplete | CWE-672 | Operation on a Resource after Expiration or Release | Class | Simple | Draft | |
| CWE-1000 | Research Concepts | Draft | CWE-666 | Operation on Resource in Wrong Phase of Lifetime | Class | Simple | Draft | |
| CWE-1000 | Research Concepts | Draft | CWE-416 | Use After Free | Variant | Simple | Stable | |
| CWE-1000 | Research Concepts | Draft | CWE-123 | Write-what-where Condition | Base | Simple | Draft | |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...