VYPR

CWE-415

Double Free

VariantDraftLikelihood: High

Description

The product calls free() twice on the same memory address.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (275)

page 14 of 14
  • CVE-2018-16423MedSep 4, 2018
    risk 0.00cvss 6.6epss 0.01

    A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2018-10902HigAug 21, 2018
    risk 0.00cvss 7.8epss 0.01

    It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local…

  • CVE-2018-9336HigMay 1, 2018
    risk 0.00cvss 7.8epss 0.01

    openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have…

  • CVE-2018-8099MedMar 14, 2018
    risk 0.00cvss 6.5epss 0.01

    Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

  • CVE-2018-7480HigFeb 25, 2018
    risk 0.00cvss 7.8epss 0.00

    The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

  • CVE-2017-18174CriFeb 11, 2018
    risk 0.00cvss 9.8epss 0.03

    In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.

  • CVE-2017-18120HigFeb 2, 2018
    risk 0.00cvss 7.8epss 0.02

    A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.

  • CVE-2014-4343Aug 14, 2014
    risk 0.00cvss epss 0.06

    Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute…

  • CVE-2014-1252Jan 24, 2014
    risk 0.00cvss epss 0.04

    Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.

  • CVE-2011-3892Nov 11, 2011
    risk 0.00cvss epss 0.02

    Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

  • CVE-2011-2834Sep 19, 2011
    risk 0.00cvss epss 0.02

    Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

  • CVE-2011-2821Aug 29, 2011
    risk 0.00cvss epss 0.02

    Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

  • CVE-2010-3080Sep 21, 2010
    risk 0.00cvss epss 0.00

    Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the…

  • CVE-2008-2944Jun 30, 2008
    risk 0.00cvss epss 0.00

    Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different…

  • CVE-2004-0643Sep 28, 2004
    risk 0.00cvss epss 0.01

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.