CWE-675: Multiple Operations on Resource in Single-Operation Context

Implementation

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following code shows a simple example of a double free vulnerability.

Vulnerable example

char* ptr = (char*)malloc (SIZE);

This code binds a server socket to port 21, allowing the server to listen for traffic on that port.

Vulnerable example

void bind_socket(void) {

This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.

CWE-675: Multiple Operations on Resource in Single-Operation Context

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Frequently asked questions

What is CWE-675?

What CVEs are caused by CWE-675?

What are the consequences of CWE-675?

Is CWE-675 actively exploited?

References

Stay ahead of CWE-675

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Peer

Frequently asked questions

What is CWE-675?

What CVEs are caused by CWE-675?

What are the consequences of CWE-675?

Is CWE-675 actively exploited?

References

Stay ahead of CWE-675