Variant · Low-Medium

CWE-605: Multiple Binds to the Same Port


Description

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

On most systems, setting the SO_REUSEADDR socket option and then calling bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port and steal its UDP packets or TCP connection.

Potential Impact

Confidentiality, Integrity

Read Application Data

Demonstrative Examples

This code binds a server socket to port 21, allowing the server to listen for traffic on that port.
Bad
    #include <netinet/in.h>
    #include <sys/socket.h>
    #include <unistd.h>

    void bind_socket(void) {
        int server_sockfd;
        int server_len;
        struct sockaddr_in server_address;

        /* unlink the socket if already bound to avoid an error when bind() is called */
        unlink("server_socket");
        server_sockfd = socket(AF_INET, SOCK_STREAM, 0);
        server_address.sin_family = AF_INET;
        server_address.sin_port = htons(21);                 /* port in network byte order */
        server_address.sin_addr.s_addr = htonl(INADDR_ANY);  /* wildcard: every local address */
        server_len = sizeof(struct sockaddr_in);
        bind(server_sockfd, (struct sockaddr *) &server_address, server_len);
    }

This code may result in two servers binding a socket to the same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.

Mitigations & Prevention

Policy

Restrict server socket address to known local addresses.
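
The mitigation above as an added example, not code from the CWE entry: a POSIX TCP listener that binds only to an allowlisted local address, leaves SO_REUSEADDR unset and checks every call. The name bind_exclusive, the allowlist contents and the use of port 0 to let the kernel choose a port are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed allowlist of known local addresses (assumption for this example). */
static const char *const known_local_addrs[] = { "127.0.0.1" };

/* Bind a TCP listener to one allowlisted address; the wildcard is never accepted.
 * SO_REUSEADDR is deliberately left unset and every call is checked.
 * port 0 lets the kernel pick; the chosen port is stored in *bound_port.
 * Returns the listening fd, or -1 with errno set. */
int bind_exclusive(const char *ip, unsigned short port, unsigned short *bound_port) {
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    size_t i, n = sizeof(known_local_addrs) / sizeof(known_local_addrs[0]);
    int fd, saved;

    for (i = 0; i < n && strcmp(ip, known_local_addrs[i]) != 0; i++)
        ;
    if (i == n) { errno = EACCES; return -1; }   /* not a known local address */

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);                 /* network byte order */
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) { errno = EINVAL; return -1; }

    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        listen(fd, 16) != 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) != 0) {
        saved = errno; close(fd); errno = saved;
        return -1;
    }
    if (bound_port) *bound_port = ntohs(addr.sin_port);
    return fd;
}

int main(void) {
    unsigned short port = 0;
    int first = bind_exclusive("127.0.0.1", 0, &port);
    int second = bind_exclusive("127.0.0.1", port, NULL);  /* expected to fail */
    printf("first=%d port=%u second=%d (%s)\n", first, port, second, strerror(errno));
    if (first >= 0) close(first);
    return first >= 0 && second < 0 ? 0 : 1;
}
```

A second bind to the same address and port fails with EADDRINUSE while the first listener is open, and a request for 0.0.0.0 is refused before any socket is created.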

Detection Methods

  • Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Taxonomy Mappings

  • Software Fault Patterns: SFP32 — Multiple binds to the same port

Frequently Asked Questions

What is CWE-605?

CWE-605 (Multiple Binds to the Same Port) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

How can CWE-605 be exploited?

Attackers can exploit CWE-605 (Multiple Binds to the Same Port) to read application data. This weakness is typically introduced during the Implementation and Operation phases of software development.

How do I prevent CWE-605?

Key mitigations include: Restrict server socket address to known local addresses.

What is the severity of CWE-605?

CWE-605 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.