Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-45402

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-11 Oct, 2024 | 14:38
Updated At-15 Oct, 2024 | 16:11
Rejected At-
Credits

Picotls double free

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:11 Oct, 2024 | 14:38
Updated At:15 Oct, 2024 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)
Picotls double free

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.

Affected Products
Vendor
h2o
Product
picotls
Versions
Affected
  • < 9b88159ce763d680e4a13b6e8f3171ae923a535d
Problem Types
TypeCWE IDDescription
CWECWE-415CWE-415: Double Free
Type: CWE
CWE ID: CWE-415
Description: CWE-415: Double Free
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvv
x_refsource_CONFIRM
https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535d
x_refsource_MISC
Hyperlink: https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvv
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535d
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
h2o_project
Product
picotls
CPEs
  • cpe:2.3:a:h2o_project:picotls:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 9b88159ce763d680e4a13b6e8f3171ae923a535d (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:11 Oct, 2024 | 15:15
Updated At:12 Nov, 2024 | 20:02

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CPE Matches
dena
dena
>>picotls>>Versions from 2024-08-12(inclusive) to 2024-10-10(exclusive)
cpe:2.3:a:dena:picotls:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-415Primarysecurity-advisories@github.com
CWE ID: CWE-415
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535dsecurity-advisories@github.com
Patch
https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvvsecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535d
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvv
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2021-34184
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.90%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 14:52
Updated-26 Aug, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.

Action-Not Available
Vendor-mackronn/a
Product-miniaudion/a
CWE ID-CWE-415
Double Free
CVE-2021-30457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.94%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 21:19
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.

Action-Not Available
Vendor-id-map_projectn/a
Product-id-mapn/a
CWE ID-CWE-415
Double Free
CVE-2021-30455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.94%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 21:20
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.

Action-Not Available
Vendor-id-map_projectn/a
Product-id-mapn/a
CWE ID-CWE-415
Double Free
CVE-2015-8880
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.79% / 81.97%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-415
Double Free
CVE-2021-31162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.83% / 73.55%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

Action-Not Available
Vendor-rust-langn/aFedora Project
Product-rustfedoran/a
CWE ID-CWE-415
Double Free
CVE-2021-30456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.94%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 21:19
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.

Action-Not Available
Vendor-id-map_projectn/a
Product-id-mapn/a
CWE ID-CWE-415
Double Free
CVE-2021-29940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.11%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 04:22
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.

Action-Not Available
Vendor-through_projectn/a
Product-throughn/a
CWE ID-CWE-415
Double Free
CVE-2021-28031
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.01%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 08:40
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.

Action-Not Available
Vendor-scratchpad_projectn/a
Product-scratchpadn/a
CWE ID-CWE-415
Double Free
CVE-2018-3985
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.3||HIGH
EPSS-3.37% / 86.87%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 15:30
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Action-Not Available
Vendor-getcujon/a
Product-smart_firewallCUJO
CWE ID-CWE-415
Double Free
CVE-2021-28034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.01%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 08:39
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.

Action-Not Available
Vendor-stack_dst_projectn/a
Product-stack_dstn/a
CWE ID-CWE-415
Double Free
CVE-2021-25907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.01%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 09:02
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.

Action-Not Available
Vendor-containers_projectn/a
Product-containersn/a
CWE ID-CWE-415
Double Free
CVE-2021-23158
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:12
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.

Action-Not Available
Vendor-htmldoc_projectn/a
Product-htmldochtmldoc
CWE ID-CWE-415
Double Free
CVE-2017-12858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.08%
||
7 Day CHG~0.00%
Published-23 Aug, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-libzipn/a
Product-libzipn/a
CWE ID-CWE-415
Double Free
CVE-2019-10565
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.64%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, QCN7605, QCS405, QCS605, SDM845, SDX24, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206msm8905mdm9207cmsm8909sdx24_firmwareqcs405_firmwaresdm845qcn7605sdx24mdm9206_firmwaremdm9607_firmwareqcs605qcs405apq8053msm8909w_firmwaremdm9607msm8905_firmwaresxr1130_firmwareqcn7605_firmwaresxr1130msm8909wmsm8909_firmwareapq8053_firmwareqcs605_firmwaremdm9207c_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-415
Double Free
CVE-2019-11049
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-6.5||MEDIUM
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 02:40
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mail() may release string with refcount==1 twice

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

Action-Not Available
Vendor-The PHP GroupDebian GNU/LinuxTenable, Inc.Fedora ProjectMicrosoft Corporation
Product-phpdebian_linuxfedorawindowssecuritycenterPHP
CWE ID-CWE-415
Double Free
CVE-2022-39002
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOS;EMUI;Magic UI
CWE ID-CWE-415
Double Free
CVE-2024-35368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.35%
||
7 Day CHG+0.03%
Published-29 Nov, 2024 | 00:00
Updated-03 Jun, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-415
Double Free
CVE-2024-27099
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.37%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 18:58
Updated-14 Feb, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IoT Platform Device SDK Double Free Vulnerability

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.

Action-Not Available
Vendor-AzureMicrosoft Corporation
Product-azure_uamqpazure-uamqp-cazure_uamqp
CWE ID-CWE-415
Double Free
CVE-2024-23809
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.62%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 15:29
Updated-10 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Projectthe_biosig_projectFedora Project
Product-fedoralibbiosiglibbiosigfedoralibbiosig
CWE ID-CWE-415
Double Free
CVE-2024-22097
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.62%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 15:29
Updated-10 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Projectthe_biosig_projectFedora Project
Product-fedoralibbiosiglibbiosigfedoralibbiosig
CWE ID-CWE-415
Double Free
CVE-2022-3806
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.04%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth HCI Error Handling Double Free

Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-415
Double Free
CVE-2020-35862
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.33%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 08:29
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.

Action-Not Available
Vendor-bitvec_projectn/a
Product-bitvecn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-415
Double Free
  • Previous
  • 1
  • 2
  • Next
Details not found