CVE-2026-33811
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
CVSS
7.5
High
EPSS
0.8%
p53
KEV
—
Exploit Today
16
0-100
Published: May 7, 2026 · Last modified: Jul 16, 2026 · CWE-415 · CWE-1341
0.8%EPSS · 30 days0.8%
2026-06-302026-07-16
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
- go.devhttps://go.dev/cl/767860
- go.devhttps://go.dev/issue/78803
- groups.google.comhttps://groups.google.com/g/golang-announce/c/qcCIEXso47M
- pkg.go.devhttps://pkg.go.dev/vuln/GO-2026-4981
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:23262
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:23264
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33120
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33123
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33142
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33150
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33574
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34357
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34359
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34364
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35832
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35993
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35994
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35995
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36207
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36319
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-239188.8 HIG98.7%
——30Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.2dCVE-2026-89259.8 CRI61.3%
——18The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.9dCVE-2026-506857.5 HIG45.6%
——14Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.2dCVE-2026-430119.8 CRI44.3%
——13In the Linux kernel, the following vulnerability has been resolved:
net/x25: Fix potential double free of skb
When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at
line 48 and returns 1 (error).
This error propagates back through the call chain:
x25_queue_rx_frame returns 1
|
v
x25_state3_machine receives the return value 1 and takes the else
branch at line 278, setting queued=0 and returning 0
|
v
x25_process_rx_frame returns queued=0
|
v
x25_backlog_rcv at line 452 sees queued=0 and calls kfree_skb(skb)
again
This would free the same skb twice. Looking at x25_backlog_rcv:
net/x25/x25_in.c:x25_backlog_rcv() {
...
queued = x25_process_rx_frame(sk, skb);
...
if (!queued)
kfree_skb(skb);
}2dCVE-2018-109027.8 HIG40.8%
——12It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.9dCVE-2025-53516.5 MED39.1%
——12A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.17d