CWE • Variant • Draft • 20 recent CVEs
CWE-415: Double Free
Description
The product calls free() twice on the same memory address.
Common consequences
- Integrity, Confidentiality, Availability → Modify Memory, Execute Unauthorized Code or Commands
Potential mitigations
- Architecture and Design: Choose a language that provides automatic memory management.
- Implementation: Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
- Implementation: Use a static analysis tool to find double free instances.
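The free-once and NULL-after-free mitigation on an error path, as an added example that is not part of the CWE entry. The `record` type and the `dup_str`, `release`, `record_destroy`, `record_load` and `demo_error_path` names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed for this example: a record that owns two heap buffers. */
struct record { char *name; char *body; };

static int allocs, frees;       /* counters so the outcome can be checked */

static char *dup_str(const char *s) {
    char *p;
    if (s == NULL) return NULL; /* stands in for a mid-way failure */
    p = malloc(strlen(s) + 1);
    if (p != NULL) { strcpy(p, s); allocs++; }
    return p;
}

/* Free *pp at most once: the owner's pointer is cleared, so a later
   release of the same field sees NULL and does nothing. */
static void release(char **pp) {
    if (*pp != NULL) { free(*pp); frees++; *pp = NULL; }
}

/* Idempotent clean-up: safe on a partly built or already destroyed record. */
void record_destroy(struct record *r) {
    release(&r->name);
    release(&r->body);
}

/* Returns 0 on success, -1 on failure (record left empty).
   The unsafe variant calls free(r->name) in the error branch and leaves
   r->name set, so the caller's later record_destroy() hands the same
   address to free() a second time. */
int record_load(struct record *r, const char *name, const char *body) {
    r->name = r->body = NULL;
    if ((r->name = dup_str(name)) == NULL) goto fail;
    if ((r->body = dup_str(body)) == NULL) goto fail;
    return 0;
fail:
    record_destroy(r);          /* frees only what was actually allocated */
    return -1;
}

/* Failing load followed by the caller's own clean-up, twice.
   Returns frees - allocs, which is 0 when every buffer was freed once. */
int demo_error_path(void) {
    struct record r;
    allocs = frees = 0;
    if (record_load(&r, "constructed-name", NULL) == 0) return -100;
    record_destroy(&r);         /* no-op: pointers are already NULL */
    record_destroy(&r);
    return (r.name == NULL && r.body == NULL) ? frees - allocs : -200;
}

int main(void) { return demo_error_path() == 0 ? 0 : 1; }
```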
Related CWEs
- CWE-825: Expired Pointer Dereference
- CWE-1341: Multiple Releases of Same Resource or Handle
- CWE-672: Operation on a Resource after Expiration or Release
- CWE-666: Operation on Resource in Wrong Phase of Lifetime
- CWE-416: Use After Free
- CWE-123: Write-what-where Condition
Recent CVEs classified under this CWE
- CVE-2026-55653, 4.3, 2026-06-23
- CVE-2026-56109, 6.8, 2026-06-22
- CVE-2026-11576, 7.5, 2026-06-19
- CVE-2026-12043, 8.8, 2026-06-12
- CVE-2026-46690, 5.8, 2026-06-12
- CVE-2026-35188, 5.0, 2026-06-09
- CVE-2026-45324, 3.3, 2026-05-29
- CVE-2026-44422, 7.5, 2026-05-29
- CVE-2026-46189, 7.8, 2026-05-28
- CVE-2026-46183, 7.8, 2026-05-28
- CVE-2026-46164, 7.0, 2026-05-28
- CVE-2026-46162, 7.8, 2026-05-28
- CVE-2026-48850, 3.7, 2026-05-25
- CVE-2026-32848, 4.7, 2026-05-18
- CVE-2020-37239, 9.8, 2026-05-16
- CVE-2026-44348, 2.5, 2026-05-14
- CVE-2026-34341, 7.0, 2026-05-12
- CVE-2026-33838, 7.8, 2026-05-12
- CVE-2026-32170, 6.7, 2026-05-12
- CVE-2026-21530, 6.7, 2026-05-12