CWE-403
Overview
- CWE ID
- 403
- CWE Name
- Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Draft
Description
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
Extended Description
When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor b
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 402 | 1000 | ChildOf | Primary |