CVEs classified under CWE-415 (Double Free), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2018-0101 — CVSS 10.0 (critical): A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an…
CVE-2026-8925 — CVSS 9.8 (critical): The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in…
CVE-2020-37239 — CVSS 9.8 (critical): libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting…
CVE-2026-43011 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in…
CVE-2026-31609 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after…
CVE-2026-31608 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after…
CVE-2024-35368 — CVSS 9.8 (critical): FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVE-2024-11704 — CVSS 9.8 (critical): A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the…
CVE-2024-10934 — CVSS 9.8 (critical): In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server…
CVE-2024-27099 — CVSS 9.8 (critical): The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may…
CVE-2024-23809 — CVSS 9.8 (critical): A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master…
CVE-2024-22097 — CVSS 9.8 (critical): A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111)…
CVE-2023-49937 — CVSS 9.8 (critical): An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service…
CVE-2023-35784 — CVSS 9.8 (critical): A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL…
CVE-2021-33304 — CVSS 9.8 (critical): Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function…
CVE-2022-3806 — CVSS 9.8 (critical): Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.
CVE-2022-44640 — CVSS 9.8 (critical): Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key…
CVE-2022-0699 — CVSS 9.8 (critical): A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a…
CVE-2022-39002 — CVSS 9.8 (critical): Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.
CVE-2022-20127 — CVSS 9.8 (critical): In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution…
CVE-2022-28738 — CVSS 9.8 (critical): A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp…
CVE-2021-23158 — CVSS 9.8 (critical): A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition…
CVE-2021-37120 — CVSS 9.8 (critical): There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege…
CVE-2021-44732 — CVSS 9.8 (critical): Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVE-2020-36434 — CVSS 9.8 (critical): An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.
CVE-2021-36088 — CVSS 9.8 (critical): Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).
CVE-2021-34184 — CVSS 9.8 (critical): Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.
CVE-2021-31162 — CVSS 9.8 (critical): In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
CVE-2020-36318 — CVSS 9.8 (critical): In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain…
CVE-2021-30457 — CVSS 9.8 (critical): An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.
CVE-2021-30456 — CVSS 9.8 (critical): An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a…
CVE-2021-30455 — CVSS 9.8 (critical): An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.
CVE-2021-29940 — CVSS 9.8 (critical): An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic…
CVE-2021-0397 — CVSS 9.8 (critical): In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code…
CVE-2021-28034 — CVSS 9.8 (critical): An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a…
CVE-2021-28031 — CVSS 9.8 (critical): An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a…
CVE-2021-28028 — CVSS 9.8 (critical): An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.
CVE-2021-25907 — CVSS 9.8 (critical): An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be…
CVE-2020-35885 — CVSS 9.8 (critical): An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.
CVE-2020-35862 — CVSS 9.8 (critical): An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.
CVE-2019-25009 — CVSS 9.8 (critical): An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
CVE-2020-24698 — CVSS 9.8 (critical): An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated…
CVE-2020-24978 — CVSS 9.8 (critical): In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900f…
CVE-2020-1647 — CVSS 9.8 (critical): On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can…
CVE-2020-6072 — CVSS 9.8 (critical): An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing…
CVE-2020-8432 — CVSS 9.8 (critical): In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a…
CVE-2019-10565 — CVSS 9.8 (critical): Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto…