CWE-415
Double Free
AI Translation Available
The product calls free() twice on the same memory address.
Status
draft
Abstraction
variant
Likelihood
high
Affected Platforms
C
C++
Technical Details
AI Translation
Common Consequences
integrity
confidentiality
availability
Impacts
modify memory
execute unauthorized code or commands
Detection Methods
fuzzing
automated static analysis
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
•
Choose a language that provides automatic memory management.
•
Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once.
•
Use a static analysis tool to find double free instances.
Functional Areas
memory management