CWE-675: Multiple Operations on Resource in Single-Operation Context
Description
The product performs the same operation on a resource two or more times, when the operation should only be applied once.
Submission Date :
April 11, 2008, midnight
Modification Date :
2023-10-26 00:00:00+00:00
Organization :
MITRE
Example - 1
The following code shows a simple example of a double free vulnerability. Double free vulnerabilities have two common (and sometimes overlapping) causes: Although some double free vulnerabilities are not much more complicated than this example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once.
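char* ptr = (char*)malloc (SIZE);
...
if (abrt) {
    free(ptr);   /* first release, on the abort path */
}
...
free(ptr);       /* second release of the same pointer when abrt was set */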
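A hardened form of the pattern above, as an added example that is not part of the CWE entry: the abort path and the common exit path both still clean up, but the release is made idempotent so the buffer is freed only once. The names `release_once`, `process`, `releases_for` and `release_count`, and the value of `SIZE`, are assumptions made for this illustration.

```c
#include <stdlib.h>
#include <string.h>

#define SIZE 64            /* assumed buffer size; the page leaves SIZE undefined */

static int release_count;  /* counts real releases so a caller can check "exactly once" */

/* Hypothetical helper: frees *pp at most once, then clears the caller's
 * pointer so any later call on the same variable is a no-op. */
static void release_once(char **pp)
{
    if (pp != NULL && *pp != NULL) {
        free(*pp);
        *pp = NULL;
        release_count++;
    }
}

/* Same shape as the example above: an abort path and a normal path that both
 * clean up. Returns 0 on success, -1 on abort or allocation failure. */
int process(int abrt)
{
    char *ptr = malloc(SIZE);
    if (ptr == NULL)
        return -1;
    memset(ptr, 0, SIZE);

    if (abrt) {
        release_once(&ptr);   /* error path releases the buffer ... */
    }

    /* ... and the common exit path runs as well, but ptr is already NULL
     * after an abort, so the buffer is released only once. */
    release_once(&ptr);
    return abrt ? -1 : 0;
}

/* Runs process() and reports how many real releases it performed. */
int releases_for(int abrt)
{
    release_count = 0;
    process(abrt);
    return release_count;
}

int main(void)
{
    return (releases_for(0) == 1 && releases_for(1) == 1) ? 0 : 1;
}
```

Clearing the pointer protects only the variable passed in; copies of the pointer held elsewhere are not cleared, so a single, clearly assigned owner for each allocation is still required.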
Example - 2
This code binds a server socket to port 21, allowing the server to listen for traffic on that port. This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

void bind_socket(void) {
    int server_sockfd;
    int server_len;
    struct sockaddr_in server_address;

    /* unlink the socket if already bound to avoid an error when bind() is called */
    unlink("server_socket");
    server_sockfd = socket(AF_INET, SOCK_STREAM, 0);

    server_address.sin_family = AF_INET;
    server_address.sin_port = htons(21);   /* port 21, in network byte order */
    server_address.sin_addr.s_addr = htonl(INADDR_ANY);
    server_len = sizeof(struct sockaddr_in);

    bind(server_sockfd, (struct sockaddr *) &server_address, server_len);
}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
CWE-85: Doubled Character XSS Manipulations
CWE-102: Struts: Duplicate Validation Forms
CWE-174: Double Decoding of the Same Data
CWE-573: Improper Following of Specification by Caller
CWE-586: Explicit Call to Finalize()
CWE-605: Multiple Binds to the Same Port
CWE-764: Multiple Locks of a Critical Resource
CWE-765: Multiple Unlocks of a Critical Resource
CWE-1341: Multiple Releases of Same Resource or Handle
Visit http://cwe.mitre.org/ for more details.