Intel

AIKIDO-2026-805701

trilogy is vulnerable to File Descriptor Leak

File Descriptor Leak Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 3 days ago

36

Low Risk

This Affects:

RUBYtrilogy
2.11.0 - 2.12.4
Fixed in 2.12.5
Are you affected? Scan for Free

TL;DR

The Ruby extension establishes the MySQL connection socket in Ruby and duplicates the underlying file descriptor with dup in contrib/ruby/ext/trilogy-ruby/cext.c before handing it to trilogy_connect_set_fd. The duplicated descriptor did not inherit the FD_CLOEXEC flag, so the live authenticated database socket stayed open across exec. Any child process spawned by the application while a Trilogy connection is open inherited that descriptor and could read from or write to the database connection. The fix reads the original descriptor flags with fcntl(F_GETFD) and reapplies them to the new descriptor with fcntl(F_SETFD) so the socket is closed on exec.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application spawns child processes via exec while a Trilogy connection is open.

Background info

trilogy is vulnerable to File Descriptor Leak in versions 2.11.0 - 2.12.4.

How to fix this

Upgrade the trilogy library to the patch version.