CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,555 researchers
719 results
CVE-2023-28583 6.7 MEDIUM EPSS 0.00
Qualcomm FastConnect and AQT1000/QCA6420/QCA6430/QCA6574AU/QCA6696 Firmware - Memory Corruption in Netmgr IPv6 Prefix Timer Handling
Memory corruption when an IPv6 prefix timer object's lifetime expires; these objects are created while the Netmgr daemon gets an IPv6 address.
CWE-415 Jan 02, 2024
CVE-2023-52284 5.5 MEDIUM EPSS 0.00
Bytecodealliance Webassembly Micro Runtime < 1.3.0 - Double Free
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
CWE-415 Dec 31, 2023
CVE-2023-4256 5.5 MEDIUM EPSS 0.00
tcpreplay - DoS
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
CWE-415 Dec 21, 2023
CVE-2023-49937 9.8 CRITICAL EPSS 0.00
Schedmd Slurm < 22.05.12 - Double Free
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CWE-415 Dec 14, 2023
CVE-2023-41678 8.8 HIGH EPSS 0.00
Fortinet FortiOS <7.0.6 - Use After Free
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.
CWE-415 Dec 13, 2023
CVE-2023-40103 7.8 HIGH EPSS 0.00
Google Android - Double Free
In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE-415 Dec 04, 2023
CVE-2023-48013 7.8 HIGH 1 Writeup EPSS 0.00
Gpac - Double Free
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
CWE-415 Nov 15, 2023
CVE-2023-43281 6.5 MEDIUM 1 Writeup EPSS 0.00
Nothings Stb Image.h <2.28 - Memory Corruption
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
CWE-415 Oct 25, 2023
CVE-2023-45679 7.3 HIGH 1 Writeup EPSS 0.00
Nothings Stb Vorbis.c - Double Free
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.
CWE-415 Oct 21, 2023
CVE-2023-45666 7.3 HIGH 1 Writeup EPSS 0.00
Nothings Stb Image.h - Double Free
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However at the same time the function may return a null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed.
CWE-415 Oct 21, 2023
CVE-2023-45664 7.3 HIGH 1 Writeup EPSS 0.00
Nothings Stb Image.h - Double Free
stb_image is a single file MIT licensed library for processing images. A crafted image file can cause `stbi__load_gif_main_outofmem` to attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but it is common that realloc frees the old memory and returns a null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
CWE-415 Oct 21, 2023
CVE-2023-42459 8.6 HIGH EPSS 0.00
Fast DDS <2.12.0-2.6.7 - Memory Corruption
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-415 Oct 16, 2023
CVE-2023-36420 7.8 HIGH EPSS 0.00
Microsoft ODBC Driver for SQL Server - RCE
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CWE-415 Oct 10, 2023
CVE-2023-36418 7.8 HIGH EPSS 0.01
Azure RTOS GUIX Studio - RCE
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CWE-415 Oct 10, 2023
CVE-2023-32824 6.7 MEDIUM EPSS 0.00
Google Android - Double Free
In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961.
CWE-415 Oct 02, 2023
CVE-2023-41911 4.7 MEDIUM EPSS 0.00
Samsung Exynos 2200 Firmware - Double Free
Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).
CWE-415 Sep 28, 2023
CVE-2023-41374 7.8 HIGH EPSS 0.00
Kostac PLC Programming Software <1.6.11.0 - Code Injection
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
CWE-415 Sep 20, 2023
CVE-2023-41325 7.4 HIGH 1 Writeup EPSS 0.00
OP-TEE <3.22 - Use After Free
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` is used to verify a TA binary before it is loaded. To verify its signature, it allocates memory for an RSA key. The RSA key allocation function (`sw_crypto_acipher_alloc_rsa_public_key`) tries to allocate memory (which is OP-TEE's heap memory). The RSA key consists of an exponent and a modulus (represented as variables `e` and `n`), and its allocation is not atomic, so it may succeed for `e` but fail for `n`. In this case `sw_crypto_acipher_alloc_rsa_public_key` frees `e` and returns failure, but the variable `e` still holds the already-freed memory address. `shdr_verify_signature` then frees that memory (`e`) again, even though it was already freed when the RSA key allocation failed. A patch is available in version 3.22. No known workarounds are available.
CWE-415 Sep 15, 2023
CVE-2023-4389 7.0 HIGH EPSS 0.00
Linux Kernel - Info Disclosure
A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.
CWE-415 Aug 16, 2023
CVE-2023-39975 8.8 HIGH 1 Writeup EPSS 0.01
MIT Kerberos 5 < 1.21.2 - Double Free
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
CWE-415 Aug 16, 2023