CWE-1341: Multiple Releases of Same Resource or Handle
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
Last updated
Overview
Code typically requires "opening" handles or references to resources such as memory, files, devices, socket connections, services, etc. When the code is finished with using the resource, it is typically expected to "close" or "release" the resource, which indicates to the environment (such as the OS) that the resource can be re-assigned or reused by unrelated processes or actors - or in some cases, within the same process. API functions or other abstractions are often used to perform this release, such as free() or delete() within C/C++, or file-handle close() operations that are used in many languages. Unfortunately, the implementation or design of such APIs might expect the developer to be responsible for ensuring that such APIs are only called once per release of the resource. If the developer attempts to release the same resource/handle more than once, then the API's expectations are not met, resulting in undefined and/or insecure behavior. This could lead to consequences such as memory corruption, data corruption, execution path corruption, or other consequences. Note that while the implementation for most (if not all) resource reservation allocations involve a unique identifier/pointer/symbolic reference, then if this identifier is reused, checking the identifier for resource closure may result in a false state of openness and closing of the wrong resource. For this reason, reuse of identifiers is discouraged.
Real-world CVEs
6 recorded CVEs are caused by CWE-1341 (Multiple Releases of Same Resource or Handle). The highest-severity and most recent are shown first. 6 new CWE-1341 CVEs have been recorded so far in 2026.
- CVE-2026-45898
RDMA/iwcm: Fix workqueue list corruption by removing work_list
Critical · CVSS 9.8 · EPSS 37th2026-05-27 - CVE-2026-52987
drm/amdgpu: avoid double drm_exec_fini() in userq validate
High · CVSS 7.8 · EPSS 4th2026-06-24 - CVE-2026-46189
RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
High · CVSS 7.8 · EPSS 4th2026-05-28 - CVE-2026-43494
net/rds: reset op_nents when zerocopy page pin fails
High · CVSS 7.8 · EPSS 19th2026-05-21 - CVE-2026-43178
procfs: fix possible double mmput() in do_procmap_query()
High · CVSS 7.8 · EPSS 3th2026-05-06 - CVE-2026-33811
Crash when handling long CNAME response in net
High · CVSS 7.5 · EPSS 53th2026-05-07
Common consequences
What can happen when CWE-1341 is exploited.
DoS: Crash, Exit, or Restart
Affects: Availability, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to prevent it
Practical mitigations for CWE-1341, grouped by where in the lifecycle they apply.
Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However, flag-tracking can increase code complexity and requires diligent compliance by the programmer.
When closing a resource, set the resource's associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value without causing errors. For other APIs, this can lead to application crashes or exceptions, which may still be preferable to corrupting an unintended resource such as memory or data.
Effectiveness: Defense in Depth
How to detect it
Automated Static Analysis
For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue.
Automated Dynamic Analysis
Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
This example attempts to close a file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (CWE-415) occurs, causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.
Vulnerable example
b[0] = 0;Safe example
b[0] = 0;Safe example
f_flg = 1;The following code shows a simple example of a double free vulnerability.
Vulnerable example
char* ptr = (char*)malloc (SIZE);Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2019-13351 — file descriptor double close can cause the wrong file to be associated with a file descriptor.
- CVE-2006-5051 — Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition (CWE-362) that leads to a double free (CWE-415).
- CVE-2004-0772 — Double free resultant from certain error conditions.
Frequently asked questions
Common questions about CWE-1341.
- What is CWE-1341?
- The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
- What CVEs are caused by CWE-1341?
- 6 recorded CVEs are attributed to CWE-1341, including CVE-2026-45898, CVE-2026-52987, CVE-2026-46189.
- How do you prevent CWE-1341?
- Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
- How is CWE-1341 detected?
- Automated Static Analysis: For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue.
- What are the consequences of CWE-1341?
- Exploiting CWE-1341 can lead to: DoS: Crash, Exit, or Restart.
- Is CWE-1341 actively exploited?
- 6 recorded CVEs are caused by CWE-1341; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1341) (opens in a new tab)
- CWE-1341 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1341
Get alerted the moment a new CWE-1341 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.