Cyber Resilience

CWE · MITRE source

CWE-415Double Free

Abstraction: Variant · CVEs in our corpus: 799

The product calls free() twice on the same memory address.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 6 mapping(s) from 2 framework(s): ATT&CK 5 (mostly) · STIG oracle linux 8 1 (partial)

See the full cumulative-coverage rollup →

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2014-0502 KEV10.08.80.24202014-02-21
CVE-2018-4990 KEV10.08.80.40542018-07-09
CVE-2020-9859 KEV10.07.80.00832020-06-05
CVE-2021-22600 KEV10.06.60.05922022-01-26
CVE-2025-62215 KEV10.07.00.06102025-11-11
CVE-2003-05458.09.80.85452003-11-17
CVE-2018-01018.010.00.87402018-01-29
CVE-2019-38298.05.30.58972019-03-27
CVE-2021-34078.05.50.50232021-02-23
CVE-2023-251368.06.50.89952023-02-03
CVE-2026-338248.09.80.55852026-04-14
CVE-2002-00597.09.80.09512002-03-15
CVE-2004-07727.09.80.06992004-10-20
CVE-2005-16897.09.80.11012005-07-18
CVE-2015-88807.09.80.02952016-05-22
CVE-2016-31327.09.80.11672016-08-07
CVE-2016-57687.09.80.09632016-08-07
CVE-2016-57727.09.80.09672016-08-07
CVE-2016-31777.09.80.01632017-01-23
CVE-2016-69127.09.80.04452017-01-26
CVE-2017-53347.09.80.32752017-03-24
CVE-2017-111397.09.80.02702017-07-10
CVE-2017-10000727.09.80.02122017-07-17
CVE-2017-128587.09.80.03702017-08-23
CVE-2015-77007.09.80.02192017-08-31