CWE-605 对同一端口的多重绑定

Multiple Binds to the Same Port

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown


When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.


On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.


  • cwe_Nature: ChildOf cwe_CWE_ID: 675 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 666 cwe_View_ID: 1000


Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}


范围 影响 注释
['Confidentiality', 'Integrity'] Read Application Data Packets from a variety of network services may be stolen or the services spoofed.




Restrict server socket address to known local addresses.


This code binds a server socket to port 21, allowing the server to listen for traffic on that port.

bad C

void bind_socket(void) {

int server_sockfd;
int server_len;
struct sockaddr_in server_address;

/unlink the socket if already bound to avoid an error when bind() is called/

server_sockfd = socket(AF_INET, SOCK_STREAM, 0);

server_address.sin_family = AF_INET;
server_address.sin_port = 21;
server_address.sin_addr.s_addr = htonl(INADDR_ANY);
server_len = sizeof(struct sockaddr_in);

bind(server_sockfd, (struct sockaddr *) &s1, server_len);

This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.


映射的分类名 ImNode ID Fit Mapped Node Name
Software Fault Patterns SFP32 Multiple binds to the same port