CWE-1341 Base Incompleto

Multiple Releases of Same Resource or Handle

This vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network connection—more than once. This double-free or double-close…

Definição

What is CWE-1341?

This vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network connection—more than once. This double-free or double-close violates the API's contract and leads to unpredictable and often dangerous behavior.
Modern software constantly acquires and releases resources such as memory blocks, file handles, and socket connections. APIs like `free()`, `delete()`, or `close()` are designed to manage this lifecycle, but they typically assume the developer will call them exactly once per resource. When the same release function is called a second time on an already-freed resource, the underlying system management structures can become corrupted. This corruption can directly cause crashes, memory leaks, or even create security gaps that attackers might exploit to execute arbitrary code. To prevent this, developers must carefully manage the state of each resource handle, ensuring release calls are paired one-to-one with successful acquisitions. A common best practice is to set pointers or handles to NULL (or another null-like state) immediately after release, as many safe implementations will check for this and ignore subsequent calls. Reusing the same variable identifier for a different resource before properly closing the first is a major risk, as it can lead to closing the wrong, active resource, compounding the problem.
Impacto no mundo real

Real-world CVEs caused by CWE-1341

  • CVE-2019-13351

    file descriptor double close can cause the wrong file to be associated with a file descriptor.

  • CVE-2006-5051

    Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).

  • CVE-2004-0772

    Double free resultant from certain error conditions.

Como os atacantes a exploram

Trajeto do atacante passo a passo

  1. 1

    This example attempts to close a file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (CWE-415) occurs, causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.

  2. 2

    There are multiple possible fixes. This fix only has one call to fclose(), which is typically the preferred handling of this problem - but this simplistic method is not always possible.

  3. 3

    This fix uses a flag to call fclose() only once. Note that this flag is explicit. The variable "f" could also have been used as it will be either NULL if the file is not able to be opened or a valid pointer if the file was successfully opened. If "f" is replacing "f_flg" then "f" would need to be set to NULL after the first fclose() call so the second fclose call would never be executed.

  4. 4

    The following code shows a simple example of a double free vulnerability.

  5. 5

    Double free vulnerabilities have two common (and sometimes overlapping) causes:

Exemplo de código vulnerável

Vulnerable C

This example attempts to close a file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (CWE-415) occurs, causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.

Vulnerável C 
char b[2000];
 FILE *f = fopen("dbl_cls.c", "r");
 if (f)
 {

```
  b[0] = 0;
   fread(b, 1, sizeof(b) - 1, f);
   printf("%s\n'", b);
   int r1 = fclose(f);
   printf("\n-----------------\n1 close done '%d'\n", r1);
   int r2 = fclose(f); // Double close
   printf("2 close done '%d'\n", r2);
 }
Exemplo de código seguro

Secure C

There are multiple possible fixes. This fix only has one call to fclose(), which is typically the preferred handling of this problem - but this simplistic method is not always possible.

Seguro C 
char b[2000];
 FILE *f = fopen("dbl_cls.c", "r");
 if (f)
 {

```
  b[0] = 0;
   fread(b, 1, sizeof(b) - 1, f);
   printf("%s\n'", b);
   int r = fclose(f);
   printf("\n-----------------\n1 close done '%d'\n", r);
 }
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção

How to prevent CWE-1341

  • Implementation Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals.
  • Implementation It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However, flag-tracking can increase code complexity and requires diligent compliance by the programmer.
  • Implementation When closing a resource, set the resource's associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value without causing errors. For other APIs, this can lead to application crashes or exceptions, which may still be preferable to corrupting an unintended resource such as memory or data.
Sinais de deteção

How to detect CWE-1341

Automated Static Analysis

For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue.

Automated Dynamic Analysis

Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness.

Correção automática do Plexicus

O Plexicus deteta automaticamente o CWE-1341 e abre um PR de correção em menos de 60 segundos.

O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.

Obter uma demonstração Experimente o Plexicus gratuitamente
Perguntas frequentes

Frequently asked questions

O que é o CWE-1341?

This vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network connection—more than once. This double-free or double-close violates the API's contract and leads to unpredictable and often dangerous behavior.

Qual a gravidade do CWE-1341?

A MITRE não publicou uma classificação de probabilidade de exploração para esta fraqueza. Trate-a como impacto médio até o seu modelo de ameaças provar o contrário.

Que linguagens ou plataformas são afetadas pelo CWE-1341?

MITRE lists the following affected platforms: Java, Rust, C, C++, Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.

Como posso prevenir o CWE-1341?

Change the code's logic so that the resource is only closed once. This might require simplifying or refactoring. This fix can be simple to do in small code blocks, but more difficult when multiple closes are buried within complex conditionals. It can be effective to implement a flag that is (1) set when the resource is opened, (2) cleared when it is closed, and (3) checked before closing. This approach can be useful when there are disparate cases in which closes must be performed. However,…

Como é que o Plexicus deteta e corrige o CWE-1341?

O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-1341 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.

Onde posso saber mais sobre o CWE-1341?

A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/1341.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.

Fraquezas relacionadas

Weaknesses related to CWE-1341

CWE-675 Pai

Multiple Operations on Resource in Single-Operation Context

This vulnerability occurs when a software component performs the same action on a resource multiple times, even though the action is…

CWE-174 Irmão

Double Decoding of the Same Data

This vulnerability occurs when an application decodes the same piece of data twice in sequence. This double processing can bypass or…

CWE-605 Irmão

Multiple Binds to the Same Port

This vulnerability occurs when a system's socket configuration allows multiple applications to bind to the same network port…

CWE-764 Irmão

Multiple Locks of a Critical Resource

This vulnerability occurs when a critical resource, such as a file, data structure, or connection, is locked more times than the software…

CWE-765 Irmão

Multiple Unlocks of a Critical Resource

This vulnerability occurs when a critical resource, like a lock or semaphore, is unlocked more times than it was locked, putting the…

CWE-672 Pode preceder

Operation on a Resource after Expiration or Release

This vulnerability occurs when a program continues to use a resource—like memory, a file handle, or a network connection—after it has been…

CWE-415 Filho

Double Free

A double free vulnerability occurs when a program mistakenly calls the 'free()' function twice on the same block of memory.

Recursos

Further reading

Pronto quando você estiver

Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.

O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.

Começar grátis Reservar uma demo