CWE-415
Double Free
Description
The product calls free() twice on the same memory address.
Common Consequences
Scope
Impact
Modify Memory, Execute Unauthorized Code or Commands
Potential Mitigations
Choose a language that provides automatic memory management.
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
Use a static analysis tool to find double free instances.
CVE-2006-5051Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition (CWE-362) that leads to a double free (CWE-415).
CVE-2004-0642Double free resultant from certain error conditions.
CVE-2004-0772Double free resultant from certain error conditions.
CVE-2005-1689Double free resultant from certain error conditions.
CVE-2003-0545Double free from invalid ASN.1 encoding.
CVE-2003-1048Double free from malformed GIF.
CVE-2005-0891Double free from malformed GIF.
CVE-2002-0059Double free from malformed compressed data.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now