logo

CWE-415 - Double Free

CWE-415 High

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Double Free

Description

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.

Common Consequences

Scope: Integrity, Confidentiality, Availability

Impact: Modify Memory, Execute Unauthorized Code or Commands

Notes: Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code.

Related Weaknesses

CWE-416Use After FreeHigh

CWE-666Operation on Resource in Wrong Phase of Lifetime

CWE-123Write-what-where ConditionHigh

CWE-672Operation on a Resource after Expiration or Release

CWE-825Expired Pointer Dereference

CWE-1341Multiple Releases of Same Resource or Handle

  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website