Vulnerabilities (CVE)

Filtered by CWE-415
Total 600 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29368 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-04-08 N/A 7.0 HIGH
Windows Filtering Platform Elevation of Privilege Vulnerability
CVE-2024-11704 1 Mozilla 2 Firefox, Thunderbird 2025-04-07 N/A 9.8 CRITICAL
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
CVE-2024-35835 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-07 N/A 5.3 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again.
CVE-2022-3806 1 Zephyrproject 1 Zephyr 2025-04-03 N/A 9.8 CRITICAL
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
CVE-2003-0545 1 Openssl 1 Openssl 2025-04-03 10.0 HIGH 9.8 CRITICAL
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
CVE-2004-0642 3 Debian, Mit, Redhat 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more 2025-04-03 7.5 HIGH N/A
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVE-2003-0015 2 Cvs, Freebsd 2 Cvs, Freebsd 2025-04-03 7.5 HIGH N/A
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
CVE-2005-1689 3 Apple, Debian, Mit 4 Mac Os X, Mac Os X Server, Debian Linux and 1 more 2025-04-03 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
CVE-2004-0772 3 Debian, Mit, Openpkg 3 Debian Linux, Kerberos 5, Openpkg 2025-04-03 7.5 HIGH 9.8 CRITICAL
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0643 3 Debian, Mit, Redhat 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more 2025-04-03 4.6 MEDIUM N/A
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
CVE-2005-0891 1 Gnome 1 Gtk 2025-04-03 5.0 MEDIUM 7.5 HIGH
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVE-2002-0059 1 Zlib 1 Zlib 2025-04-03 7.5 HIGH 9.8 CRITICAL
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVE-2003-1048 1 Microsoft 8 Internet Explorer, Outlook, Windows 98 and 5 more 2025-04-03 10.0 HIGH 7.8 HIGH
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVE-2024-36030 1 Linux 1 Linux Kernel 2025-04-01 N/A 7.1 HIGH
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker(scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. npc_mcam_rsrcs_deinit() has released 'mcam->counters.bmap'. Deleted this redundant kfree() to fix this double free problem.
CVE-2025-2027 2025-03-28 N/A N/A
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information.
CVE-2024-58055 1 Linux 1 Linux Kernel 2025-03-25 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command.
CVE-2022-43454 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-03-24 N/A 7.8 HIGH
A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-27320 2 Fedoraproject, Sudo Project 2 Fedora, Sudo 2025-03-21 N/A 7.2 HIGH
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
CVE-2024-26846 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-03-21 N/A 4.4 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has been added by the initial commit. There is some logic around trying to prevent from hanging forever in wait_for_completion, though it does not handling all cases. E.g. blktests is able to reproduce the situation where the module unload hangs forever. If we completely rely on the cleanup code executed from the nvme_delete_ctrl path, all IDs will be freed eventually. This makes calling ida_destroy unnecessary. We only have to ensure that all nvme_delete_ctrl code has been executed before we leave nvme_fc_exit_module. This is done by flushing the nvme_delete_wq workqueue. While at it, remove the unused nvme_fc_wq workqueue too.
CVE-2021-33304 1 Altran 2 Picotcp, Picotcp-ng 2025-03-20 N/A 9.8 CRITICAL
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.