logo

Multiple Releases of Same Resource or Handle

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network connection—more than once. This double-free or double-close violates the API's contract and leads to unpredictable and often dangerous behavior.

Extended Description

Modern software constantly acquires and releases resources such as memory blocks, file handles, and socket connections. APIs like `free()`, `delete()`, or `close()` are designed to manage this lifecycle, but they typically assume the developer will call them exactly once per resource. When the same release function is called a second time on an already-freed resource, the underlying system management structures can become corrupted. This corruption can directly cause crashes, memory leaks, or even create security gaps that attackers might exploit to execute arbitrary code. To prevent this, developers must carefully manage the state of each resource handle, ensuring release calls are paired one-to-one with successful acquisitions. A common best practice is to set pointers or handles to NULL (or another null-like state) immediately after release, as many safe implementations will check for this and ignore subsequent calls. Reusing the same variable identifier for a different resource before properly closing the first is a major risk, as it can lead to closing the wrong, active resource, compounding the problem.
Common Consequences 1
Scope: AvailabilityIntegrity

Impact: DoS: Crash, Exit, or Restart
Detection Methods 2
Automated Static Analysis
For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue.
Automated Dynamic Analysis
Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness.
Potential Mitigations 3
Phase: Implementation
Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
Phase: Implementation

Strategy: Refactoring

It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However, flag-tracking can increase code complexity and requires diligent compliance by the programmer.
Phase: Implementation

Strategy: Refactoring

When closing a resource, set the resource's associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value without causing errors. For other APIs, this can lead to application crashes or exceptions, which may still be preferable to corrupting an unintended resource such as memory or data.

Effectiveness: Defense in Depth
Demonstrative Examples 2
This example attempts to close a file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (Double Free) occurs, causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.

Code Example:

Bad
C

char b[2000]; FILE *f = fopen("dbl_cls.c", "r"); if (f) {

c
There are multiple possible fixes. This fix only has one call to fclose(), which is typically the preferred handling of this problem - but this simplistic method is not always possible.

Code Example:

Good
C

char b[2000]; FILE *f = fopen("dbl_cls.c", "r"); if (f) {

c
This fix uses a flag to call fclose() only once. Note that this flag is explicit. The variable "f" could also have been used as it will be either NULL if the file is not able to be opened or a valid pointer if the file was successfully opened. If "f" is replacing "f_flg" then "f" would need to be set to NULL after the first fclose() call so the second fclose call would never be executed.

Code Example:

Good
C

char b[2000]; int f_flg = 0; FILE *f = fopen("dbl_cls.c", "r"); if (f) {

c

ID : DX-149

The following code shows a simple example of a double free vulnerability.

Code Example:

Bad
C
c
Double free vulnerabilities have two common (and sometimes overlapping) causes:
- Error conditions and other exceptional circumstances - Confusion over which part of the program is responsible for freeing the memory
Although some double free vulnerabilities are not much more complicated than this example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once.
Observed Examples 3
CVE-2019-13351file descriptor double close can cause the wrong file to be associated with a file descriptor.
CVE-2006-5051Chain: Signal handler contains too much functionality (Signal Handler with Functionality that is not Asynchronous-Safe), introducing a race condition that leads to a double free (Double Free).
CVE-2004-0772Double free resultant from certain error conditions.
References 4
close - Perldoc Browser
https://perldoc.perl.org/functions/close
ID: REF-1198
io - Core tools for working with streams — Python 3.9.7 documentation
02-09-2021
https://docs.python.org/3.9/library/io.html#io.IOBase.close
ID: REF-1199
FileOutputStream (Java Platform SE 7 )
2020
https://docs.oracle.com/javase/7/docs/api/java/io/FileOutputStream.html
ID: REF-1200
FileOutputStream (Java SE 11 & JDK 11 )
2021
https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/FileOutputStream.html
ID: REF-1201
Applicable Platforms
Languages:
Java : UndeterminedRust : UndeterminedNot Language-Specific : UndeterminedC : UndeterminedC++ : Undetermined
Technologies:
Not Technology-Specific : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Multiple Operations on Resource in Single-Operation Context (CWE-675)
CanPrecede: Operation on a Resource after Expiration or Release (CWE-672)
Notes
TerminologyThe terms related to "release" may vary depending on the type of resource, programming language, specification, or framework. "Close" has been used synonymously for the release of resources like file descriptors and file handles. "Return" is sometimes used instead of Release. "Free" is typically used when releasing memory or buffers back into the system for reuse.