CWE-415 - Double Free

  • 摘要:Variant
  • 结构:Simple
  • 状态:Draft
  • 发布日期:2006-07-19
  • 更新日期:2025-12-11

名称

Double Free

描述

The product calls free() twice on the same memory address.

常见后果

范围:Integrity, Confidentiality, Availability

影响:Modify Memory, Execute Unauthorized Code or Commands

注释:When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack. Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code.

相关 CWE