CWE-675: Multiple Operations on Resource in Single-Operation Context
The product performs the same operation on a resource two or more times, when the operation should only be applied once.
View on MITRETechnical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
No mitigation information available for this CWE.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
The following code shows a simple example of a double free vulnerability.
Double free vulnerabilities have two common (and sometimes overlapping) causes:
This code binds a server socket to port 21, allowing the server to listen for traffic on that port.
This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.
Observed CVE Examples (3)
Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
View Detailsfile descriptor double close can cause the wrong file to be associated with a file descriptor.
View DetailsXSS protection mechanism attempts to remove "/" that could be used to close tags, but it can be bypassed using double encoded slashes (%252F)
View DetailsCWE Relationships
Frequently Asked Questions
What is CWE-675: Multiple Operations on Resource in Single-Operation Context?+
CWE-675: Multiple Operations on Resource in Single-Operation Context is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product performs the same operation on a resource two or more times, when the operation should only be applied once.
What are the security consequences of Multiple Operations on Resource in Single-Operation Context?+
If exploited, CWE-675 (Multiple Operations on Resource in Single-Operation Context) it can compromise Other, leading to outcomes such as Other.
Which programming languages are affected by Multiple Operations on Resource in Single-Operation Context?+
CWE-675 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Multiple Operations on Resource in Single-Operation Context?+
MITRE documents real CVEs mapped to CWE-675, including CVE-2009-0935, CVE-2019-13351 and CVE-2004-1939. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-675 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.