The product performs the same operation on a resource two or more times, when the operation should only be applied once.
Threat Mapped score: 1.8
Industry: Financial
Threat priority: P4 - Informational (Low)
CVE: CVE-2009-0935
Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
CVE: CVE-2019-13351
File descriptor double close can cause the wrong file to be associated with a file descriptor.
CVE: CVE-2004-1939
XSS protection mechanism attempts to remove "/" that could be used to close tags, but it can be bypassed using double encoded slashes (%252F)
Phase | Note |
---|---|
Implementation | N/A |
Intro: The following code shows a simple example of a double free vulnerability.
Body: Double free vulnerabilities have two common (and sometimes overlapping) causes:
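```c
char* ptr = (char*)malloc(SIZE);
...
if (abrt) {
    free(ptr);   /* first free, on the abort path */
}
...
free(ptr);       /* second free of the same pointer when abrt was set */
```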
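An added example, not part of the original entry: a release-once idiom applied to the double free above and to the file descriptor double close described under CVE-2019-13351. The helper names `release_mem` and `release_fd` are hypothetical, `64` stands in for `SIZE`, and `/dev/null` is assumed to exist.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: free *p once; returns 1 if it freed, 0 if already released. */
static int release_mem(char **p) {
    if (*p == NULL) return 0;
    free(*p);
    *p = NULL;               /* any later release becomes a no-op */
    return 1;
}

/* Hypothetical helper: close *fd once; -1 marks "already closed". */
static int release_fd(int *fd) {
    if (*fd < 0) return 0;
    close(*fd);
    *fd = -1;
    return 1;
}

/* Same control flow as the snippet above: release on abort, then the
 * unconditional cleanup. Returns how many times free() actually ran. */
int process(int abrt) {
    int frees = 0;
    char *ptr = malloc(64);
    if (ptr == NULL) return -1;
    if (abrt) frees += release_mem(&ptr);
    frees += release_mem(&ptr);
    return frees;
}

/* After a close, the next open() normally reuses the same descriptor number,
 * so a stale second close would hit the new file. Returns 1 if b survives. */
int fd_reuse_survives(void) {
    int a = open("/dev/null", O_RDONLY);
    if (a < 0) return -1;
    release_fd(&a);                          /* a is now -1 */
    int b = open("/dev/null", O_RDONLY);
    if (b < 0) return -1;
    release_fd(&a);                          /* cleanup runs again: no-op */
    int alive = fcntl(b, F_GETFD) != -1;     /* b must still be open */
    release_fd(&b);
    return alive;
}

int main(void) {
    printf("%d %d %d\n", process(0), process(1), fd_reuse_survives());
    return 0;
}
```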
Intro: This code binds a server socket to port 21, allowing the server to listen for traffic on that port.
Body: This code may result in two servers binding a socket to the same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.
```c
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

void bind_socket(void) {
    int server_sockfd;
    int server_len;
    struct sockaddr_in server_address;

    /* unlink the socket if already bound to avoid an error when bind() is called */
    unlink("server_socket");
    server_sockfd = socket(AF_INET, SOCK_STREAM, 0);

    server_address.sin_family = AF_INET;
    server_address.sin_port = htons(21);               /* port 21, network byte order */
    server_address.sin_addr.s_addr = htonl(INADDR_ANY);
    server_len = sizeof(struct sockaddr_in);

    /* return value is not checked, so a failed or duplicate bind goes unnoticed */
    bind(server_sockfd, (struct sockaddr *) &server_address, server_len);
}
```