CWE-415
Double Free
Variant | Exploit likelihood: High
What it is
The product calls free() twice on the same memory address.
Impact
| Scope | Impact |
| --- | --- |
| Integrity, Confidentiality, Availability | Modify Memory, Execute Unauthorized Code or Commands |
Mitigations
- [Architecture and Design] Choose a language that provides automatic memory management.
- [Implementation] Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object-oriented, ensure that object destructors delete each chunk of memory only once.
- [Implementation] Use a static analysis tool to find double free instances.
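
The free-then-NULL and state-aware clean-up mitigations above, as an added example that is not part of the MITRE entry: an error path and its caller both run the same clean-up routine, and the second pass is a no-op. The names `record`, `record_load`, `record_cleanup`, `FREE_AND_NULL` and `MAX_PAYLOAD` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 4096  /* assumed limit for this example */

struct record { char *name; unsigned char *payload; };

static int free_calls;  /* demo counter: real deallocations performed */

/* Free and clear in one step; a later clean-up then sees NULL.
 * free(NULL) is already safe, the check only keeps the counter honest. */
#define FREE_AND_NULL(p) \
    do { if ((p) != NULL) { free(p); free_calls++; } (p) = NULL; } while (0)

/* Idempotent clean-up: safe to call from the error path and the caller. */
static void record_cleanup(struct record *r) {
    FREE_AND_NULL(r->name);
    FREE_AND_NULL(r->payload);
}

/* Returns 0 on success, -1 on error. On error the record has already
 * been cleaned up, yet the caller may still call record_cleanup(). */
static int record_load(struct record *r, const char *name, size_t len) {
    r->name = NULL;      /* start from a known state so clean-up */
    r->payload = NULL;   /* never sees an uninitialised pointer  */
    size_t n = strlen(name) + 1;
    r->name = malloc(n);
    if (r->name == NULL) goto fail;
    memcpy(r->name, name, n);
    if (len == 0 || len > MAX_PAYLOAD) goto fail;  /* malformed input */
    r->payload = calloc(1, len);
    if (r->payload == NULL) goto fail;
    return 0;
fail:
    record_cleanup(r);
    return -1;
}

/* Load, then clean up twice as a careless caller would; returns the
 * number of real free() calls made. Input values are constructed. */
static int frees_after_double_cleanup(size_t len) {
    struct record r;
    free_calls = 0;
    (void)record_load(&r, "constructed-sample", len);
    record_cleanup(&r);
    record_cleanup(&r);
    return free_calls;
}

int main(void) {
    return (frees_after_double_cleanup(0) == 1 &&
            frees_after_double_cleanup(64) == 2) ? 0 : 1;
}
```

Without the `(p) = NULL` assignment in the macro, the failed load followed by the caller's clean-up would pass the same `name` pointer to `free()` twice.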
Real-world CVE examples
- CVE-2006-5051 — Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition (CWE-362) that leads to a double free (CWE-415).
- CVE-2004-0642 — Double free resultant from certain error conditions.
- CVE-2004-0772 — Double free resultant from certain error conditions.
- CVE-2005-1689 — Double free resultant from certain error conditions.
- CVE-2003-0545 — Double free from invalid ASN.1 encoding.
- CVE-2003-1048 — Double free from malformed GIF.
- CVE-2005-0891 — Double free from malformed GIF.
- CVE-2002-0059 — Double free from malformed compressed data.
Related weaknesses
- CWE-825 (child of)
- CWE-1341 (child of)
- CWE-672 (child of)
- CWE-666 (child of)
- CWE-416 (peer of)
- CWE-123 (peer of)
Source: MITRE CWE (cwe.mitre.org).