fork is vulnerable to Improper Handling of File Descriptors
82
High Risk
Affected versions of this package contain a critical vulnerability in the daemon() function: newly opened files could be assigned file descriptors 0, 1, or 2 (stdin, stdout, stderr). As a result, any output from println!, eprintln!, or panic macros is written to these files instead of the standard streams, potentially corrupting them. An attacker can exploit this by manipulating the application into opening sensitive files (e.g., configuration files, logs, or data files) after daemonization, which may acquire low file descriptors, and then triggering output or panic mechanisms to overwrite or corrupt those files, leading to data loss, denial of service, or other malicious outcomes.
You are affected if you are using a version that falls within the vulnerable range.
fork is vulnerable to Improper Handling of File Descriptors in versions 0.1.5 - 0.3.1.
Upgrade the fork library to the patched version.
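Files can land on descriptors 0, 1, or 2 because POSIX open() returns the lowest unused descriptor number. The following is an added example, not code from the fork crate or its patch: a std-only, Unix-only defence-in-depth guard that keeps descriptors 0-2 occupied with /dev/null before a daemon opens any application file. The names occupy_fds_below and guard_std_streams are hypothetical, and the code assumes the process is still single-threaded when the guard runs.

```rust
use std::fs::{File, OpenOptions};
use std::io;
use std::os::unix::io::{AsRawFd, IntoRawFd, RawFd};

/// Occupy every free descriptor below `limit` with /dev/null and return the
/// numbers that had to be filled. POSIX open() hands out the lowest unused
/// descriptor, so opening /dev/null repeatedly fills the gaps in order.
fn occupy_fds_below(limit: RawFd) -> io::Result<Vec<RawFd>> {
    let mut pinned = Vec::new();
    loop {
        let null = OpenOptions::new().read(true).write(true).open("/dev/null")?;
        if null.as_raw_fd() >= limit {
            // No gap left below `limit`; dropping `null` closes the probe descriptor.
            return Ok(pinned);
        }
        // Deliberately leak the descriptor: the slot must stay occupied for
        // the lifetime of the process.
        pinned.push(null.into_raw_fd());
    }
}

/// Hypothetical helper: call in the daemon process before opening any
/// application file (assumes no other thread is opening files concurrently).
fn guard_std_streams() -> io::Result<Vec<RawFd>> {
    occupy_fds_below(3) // 0 = stdin, 1 = stdout, 2 = stderr
}

fn main() -> io::Result<()> {
    let filled = guard_std_streams()?;
    // Any file opened from here on gets descriptor 3 or higher, so println!,
    // eprintln! and panic output can no longer land in it.
    let data = File::open("/dev/null")?; // stand-in for a config or data file
    assert!(data.as_raw_fd() >= 3);
    eprintln!("descriptors filled with /dev/null: {:?}", filled);
    Ok(())
}
```

An empty result from guard_std_streams means all three standard descriptors were already open; a non-empty one is worth logging, since it shows the process was running with a closed standard stream.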