The product performs the same operation on a resource two or more times, when the operation should only be applied once.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
The following code shows a simple example of a double free vulnerability.
Double free vulnerabilities have two common (and sometimes overlapping) causes:
This code binds a server socket to port 21, allowing the server to listen for traffic on that port.
This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.
Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
View Detailsfile descriptor double close can cause the wrong file to be associated with a file descriptor.
View DetailsXSS protection mechanism attempts to remove "/" that could be used to close tags, but it can be bypassed using double encoded slashes (%252F)
View DetailsCWE-675: Multiple Operations on Resource in Single-Operation Context is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product performs the same operation on a resource two or more times, when the operation should only be applied once.
If exploited, CWE-675 (Multiple Operations on Resource in Single-Operation Context) it can compromise Other, leading to outcomes such as Other.
CWE-675 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-675, including CVE-2009-0935, CVE-2019-13351 and CVE-2004-1939. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-675 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.