Run static analysis (SAST) on the codebase looking for the unsafe pattern in the data flow.
CWE-605 Variant Draft
Multiple Binds to the Same Port
This vulnerability occurs when a system's socket configuration allows multiple applications to bind to the same network port simultaneously. This can let a malicious process hijack or impersonate…
Definition
What is CWE-605?
This vulnerability occurs when a system's socket configuration allows multiple applications to bind to the same network port simultaneously. This can let a malicious process hijack or impersonate legitimate services running on that port.
The core of the issue lies in the SO_REUSEADDR socket option. On most operating systems, when this option is set, the bind() system call allows a new process to bind to a port even if it's already in use by another process that bound to INADDR_ANY (all interfaces). This effectively bypasses the typical port reservation mechanism.
As a result, an attacker can create a socket that binds specifically to the server's IP address on an unprivileged port. This lets them intercept or 'steal' incoming UDP packets or TCP connection requests intended for the original, legitimate service, leading to denial of service, data theft, or spoofing attacks.
Real-world impact
Real-world CVEs caused by CWE-605
No public CVE references are linked to this CWE in MITRE's catalog yet.
How attackers exploit it
Step-by-step attacker path
- 1
Identify a code path that handles untrusted input without validation.
- 2
Craft a payload that exercises the unsafe behavior — injection, traversal, overflow, or logic abuse.
- 3
Deliver the payload through a normal request and observe the application's reaction.
- 4
Iterate until the response leaks data, executes attacker code, or escalates privileges.
Vulnerable code example
Vulnerable C
This code binds a server socket to port 21, allowing the server to listen for traffic on that port.
void bind_socket(void) {
int server_sockfd;
int server_len;
struct sockaddr_in server_address;
```
/*unlink the socket if already bound to avoid an error when bind() is called*/*
unlink("server_socket");
server_sockfd = socket(AF_INET, SOCK_STREAM, 0);
server_address.sin_family = AF_INET;
server_address.sin_port = 21;
server_address.sin_addr.s_addr = htonl(INADDR_ANY);
server_len = sizeof(struct sockaddr_in);
bind(server_sockfd, (struct sockaddr *) &s1, server_len);} Secure code example
Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist
How to prevent CWE-605
- Policy Restrict server socket address to known local addresses.
Detection signals
How to detect CWE-605
Run dynamic application security testing against the live endpoint.
Watch runtime logs for unusual exception traces, malformed input, or authorization bypass attempts.
Code review: flag any new code that handles input from this surface without using the validated framework helpers.
Plexicus auto-detects CWE-605 and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions What is CWE-605?
How serious is CWE-605?
What languages or platforms are affected by CWE-605?
How can I prevent CWE-605?
How does Plexicus detect and fix CWE-605?
Where can I learn more about CWE-605?
Frequently asked questions
What is CWE-605?
This vulnerability occurs when a system's socket configuration allows multiple applications to bind to the same network port simultaneously. This can let a malicious process hijack or impersonate legitimate services running on that port.
How serious is CWE-605?
MITRE has not published a likelihood-of-exploit rating for this weakness. Treat it as medium-impact until your threat model proves otherwise.
What languages or platforms are affected by CWE-605?
MITRE has not specified affected platforms for this CWE — it can apply across most application stacks.
How can I prevent CWE-605?
Restrict server socket address to known local addresses.
How does Plexicus detect and fix CWE-605?
Plexicus's SAST engine matches the data-flow signature for CWE-605 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.
Where can I learn more about CWE-605?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/605.html. You can also reference OWASP and NIST documentation for adjacent guidance.
Related weaknesses
Weaknesses related to CWE-605
CWE-675 Parent
Multiple Operations on Resource in Single-Operation Context
This vulnerability occurs when a software component performs the same action on a resource multiple times, even though the action is…
CWE-1341 Sibling
Multiple Releases of Same Resource or Handle
This vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network…
CWE-174 Sibling
Double Decoding of the Same Data
This vulnerability occurs when an application decodes the same piece of data twice in sequence. This double processing can bypass or…
CWE-764 Sibling
Multiple Locks of a Critical Resource
This vulnerability occurs when a critical resource, such as a file, data structure, or connection, is locked more times than the software…
CWE-765 Sibling
Multiple Unlocks of a Critical Resource
This vulnerability occurs when a critical resource, like a lock or semaphore, is unlocked more times than it was locked, putting the…
Ready when you are
Stop paying per developer.
Start closing the loop.
Plexicus is the AI-native ASPM that scans, filters, fixes, pentests, and explains — autonomously. Unlimited developers, unlimited repos, fair-use AI actions. Real free tier, €269/mo annual when you're ready.