CWE-605: Multiple Binds to the Same Port
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.
Extended Description
On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.
Common Consequences
Scope: Confidentiality, Integrity
Technical Impact: Read Application Data
Note: Packets from a variety of network services may be stolen or the services spoofed.
Potential Mitigations
Phase: Policy
Description: Restrict server socket address to known local addresses.
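The following self-check is an added example, not part of the CWE entry: it starts a UDP server socket in the weak configuration from the extended description (INADDR_ANY plus SO_REUSEADDR) and in the restricted configuration from the mitigation (one known local address, no SO_REUSEADDR), then reports whether the kernel accepts a second bind on the same port. The names `bind_udp` and `second_bind_accepted` are hypothetical, and the expected results assume Linux UDP bind semantics with a working loopback interface.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to ip:port (host byte order; 0 lets the kernel choose).
 * Returns the descriptor, or -1 if the socket or bind call was refused. */
static int bind_udp(const char *ip, uint16_t port, int reuseaddr)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (reuseaddr)
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, sizeof reuseaddr);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Bind a server socket as configured, then try a second socket that sets
 * SO_REUSEADDR on 127.0.0.1 and the same port (Linux semantics assumed).
 * Returns 1 if the second bind was accepted, 0 if refused, -1 on setup error. */
int second_bind_accepted(const char *server_ip, int server_reuseaddr)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int second, server = bind_udp(server_ip, 0, server_reuseaddr);
    if (server < 0) return -1;
    if (getsockname(server, (struct sockaddr *)&sa, &len) < 0) { close(server); return -1; }
    second = bind_udp("127.0.0.1", ntohs(sa.sin_port), 1);
    if (second >= 0) close(second);
    close(server);
    return second >= 0;
}

int main(void)
{
    printf("INADDR_ANY + SO_REUSEADDR: %d\n", second_bind_accepted("0.0.0.0", 1));
    printf("specific address, no reuse: %d\n", second_bind_accepted("127.0.0.1", 0));
    return 0;
}
```

A result of 1 means the port can be shared with another socket and the listener configuration should be tightened; 0 means the kernel refused the second bind with the settings tested.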
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
| Operation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| Software Fault Patterns | SFP32 | Multiple binds to the same port | - |