Description
The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than one instance of data.
Potential Impact
Other
Reduce Maintainability
Other
Increase Analytical Complexity
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2023-26463 | Chain: IPSec VPN product uses the same variable for multiple purposes in the same function (CWE-1109), leading to incorrect access control (CWE-284) and expired pointer dereference (CWE-825) |
Related Weaknesses
Frequently Asked Questions
What is CWE-1109?
CWE-1109 (Use of Same Variable for Multiple Purposes) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than one instance of data.
How can CWE-1109 be exploited?
Attackers can exploit CWE-1109 (Use of Same Variable for Multiple Purposes) to reduce maintainability. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1109?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1109?
CWE-1109 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVEs.