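CWE-415 Double Free weakness class: a summary of 195 CVE vulnerabilities, with AI-generated analysis in Chinese.
CWE-415 is a memory-management vulnerability in which a program calls the release function more than once on the same memory address. Attackers typically exploit this flaw to trigger heap corruption, which can lead to arbitrary code execution or denial of service. To avoid it, developers should set pointers to NULL immediately after freeing them and use reference counting or an ownership mechanism to strictly manage memory lifetimes and prevent repeated frees.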
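
```c
char* ptr = (char*)malloc (SIZE);
...
if (abrt) {
    free(ptr);      /* first free, on the abort path */
}
...
free(ptr);          /* freed again if abrt was set: double free */
```

```c
#include <stdio.h>
#include <stdlib.h>   /* malloc, free */
#include <string.h>   /* strncpy */
#include <unistd.h>

#define BUFSIZE1 512
#define BUFSIZE2 ((BUFSIZE1/2) - 8)

int main(int argc, char **argv) {
    char *buf1R1;
    char *buf2R1;
    char *buf1R2;

    buf1R1 = (char *) malloc(BUFSIZE2);
    buf2R1 = (char *) malloc(BUFSIZE2);
    free(buf1R1);
    free(buf2R1);   /* first free of buf2R1 */
    buf1R2 = (char *) malloc(BUFSIZE1);
    strncpy(buf1R2, argv[1], BUFSIZE1-1);
    free(buf2R1);   /* double free: buf2R1 was already released above */
    free(buf1R2);
}
```

| CVE ID | Title | CVSS | Risk level | Published |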
|---|---|---|---|---|
| CVE-2026-11576 | NetX Duo uninitialized memory access vulnerability — Eclipse ThreadX - NetX Duo | 7.5 | High | 2026-06-19 |
| CVE-2026-12043 | aws-c-http resource management error vulnerability — aws-c-http | 8.8 | High | 2026-06-12 |
| CVE-2026-35188 | OpenSSL resource management error vulnerability — OpenSSL | - | - | 2026-06-09 |
| CVE-2026-45324 | Rizin resource management error vulnerability — rizin | 3.3 | Low | 2026-05-29 |
| CVE-2026-48850 | PuTTY resource management error vulnerability — PuTTY | 3.7 | Low | 2026-05-25 |
| CVE-2026-32848 | NetBSD race condition vulnerability — src | 4.7 | Medium | 2026-05-18 |
| CVE-2020-37239 | babl resource management error vulnerability — libbabl | 9.8 | Critical | 2026-05-16 |
| CVE-2026-44348 | PoDoFo resource management error vulnerability — podofo | 2.5 | Low | 2026-05-14 |
| CVE-2026-34341 | Microsoft Windows resource management error vulnerability — Windows 10 Version 1607 | 7.0 | High | 2026-05-12 |
| CVE-2026-33838 | Microsoft Message Queuing resource management error vulnerability — Windows 10 Version 1607 | 7.8 | High | 2026-05-12 |
| CVE-2026-32170 | Microsoft Rich Text Edit Control resource management error vulnerability — Windows 10 Version 1607 | 6.7 | Medium | 2026-05-12 |
| CVE-2026-21530 | Microsoft Rich Text Edit Control resource management error vulnerability — Microsoft 365 Apps for Enterprise | 6.7 | Medium | 2026-05-12 |
| CVE-2026-23918 | Apache HTTP Server resource management error vulnerability — Apache HTTP Server | 9.8 | - | 2026-05-04 |
| CVE-2026-5657 | Wireshark resource management error vulnerability — Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-33824 | Microsoft Windows IKE Extension resource management error vulnerability — Windows 10 Version 1607 | 9.8 | Critical | 2026-04-14 |
| CVE-2026-32074 | Microsoft Projected File System resource management error vulnerability — Windows 10 Version 1809 | 7.8 | High | 2026-04-14 |
| CVE-2026-32069 | Microsoft Projected File System resource management error vulnerability — Windows 10 Version 1809 | 7.8 | High | 2026-04-14 |
| CVE-2026-26163 | Microsoft Windows Kernel resource management error vulnerability — Windows 10 Version 1607 | 7.8 | High | 2026-04-14 |
| CVE-2026-32219 | Microsoft Brokering File System resource management error vulnerability — Windows 11 Version 24H2 | 7.0 | High | 2026-04-14 |
| CVE-2026-26179 | Microsoft Windows Kernel resource management error vulnerability — Windows 11 version 22H3 | 7.8 | High | 2026-04-14 |
| CVE-2026-26166 | Microsoft Windows Shell resource management error vulnerability — Windows 11 version 22H3 | 7.0 | High | 2026-04-14 |
| CVE-2026-34867 | Huawei HarmonyOS security vulnerability — HarmonyOS | 5.6 | Medium | 2026-04-13 |
| CVE-2026-5186 | stb resource management error vulnerability — stb | 5.3 | Medium | 2026-03-31 |
| CVE-2026-33995 | FreeRDP resource management error vulnerability — FreeRDP | 5.3 | Medium | 2026-03-30 |
| CVE-2026-4358 | MongoDB Server security vulnerability — MongoDB Server | 6.4 | Medium | 2026-03-17 |
| CVE-2026-28537 | Huawei HarmonyOS security vulnerability — HarmonyOS | 5.1 | Medium | 2026-03-05 |
| CVE-2025-12343 | FFmpeg security vulnerability | 3.3 | Low | 2026-02-18 |
| CVE-2026-25556 | MuPDF resource management error vulnerability — MuPDF | 7.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-20415 | MediaTek Chipsets security vulnerability — MediaTek chipset | 4.4 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2026-21918 | Juniper Networks Junos OS resource management error vulnerability — Junos OS | 7.5 | High | 2026-01-15 |

CWE-415 (Double Free) is a common weakness class; this platform lists 195 CVE vulnerabilities associated with it.