CWE-403
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
AI Translation Available
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
Status
draft
Abstraction
base
Affected Platforms
C
Not Language-Specific
Extended Description
AI Translation
When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.
Technical Details
AI Translation
Common Consequences
confidentiality
integrity
Impacts
read application data
modify application data
Detection Methods
automated static analysis
Potential Mitigations
Functional Areas
program invocation