CVE-2024-27308

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 6, 2024
CWE ID 672
CWE ID 416

Summary

CVE-2024-27308 is a vulnerability affecting the Mio Metal I/O library for Rust on Windows. Under certain conditions, mio returns invalid tokens for deregistered named pipes. The severity of this issue depends on the application's usage of mio. For some, it may result in warnings or crashes, whereas others may experience use-after-free conditions when storing pointers in the tokens. This vulnerability is particularly concerning for users of Tokio, as it can lead to a use-after-free issue. It is Windows-specific and occurs only when using named pipes. Versions of mio between v0.7.2 and v0.8.10, as well as vulnerable versions of Tokio, are at risk. Users can mitigate the issue by detecting and disregarding invalid tokens. The vulnerability has since been addressed in mio v0.8.11.
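
One way to detect and disregard invalid tokens, shown as an added example that is not mio's or Tokio's own code: keep sources in an application-side table and give the poller an index plus generation instead of a pointer, so a late event for a deregistered named pipe fails the lookup. `Registry`, `register`, `deregister` and `lookup` are hypothetical names, and the events in `main` are constructed.

```rust
// Added example, not mio or Tokio code; all names are hypothetical.
// A token packs a slot index (low half) and a generation (high half).
const HALF: u32 = usize::BITS / 2;
const INDEX_MASK: usize = (1 << HALF) - 1; // assumes fewer than 2^HALF slots

struct Slot<T> { generation: usize, value: Option<T> }
pub struct Registry<T> { slots: Vec<Slot<T>>, free: Vec<usize> }

impl<T> Registry<T> {
    pub fn new() -> Self { Registry { slots: Vec::new(), free: Vec::new() } }

    /// Store `value` and return the number to use as the poller token.
    pub fn register(&mut self, value: T) -> usize {
        let index = match self.free.pop() {
            Some(i) => i,
            None => { self.slots.push(Slot { generation: 0, value: None }); self.slots.len() - 1 }
        };
        self.slots[index].value = Some(value);
        (self.slots[index].generation << HALF) | index
    }

    /// Remove the entry; bumping the generation invalidates the old token.
    pub fn deregister(&mut self, token: usize) -> Option<T> {
        let index = token & INDEX_MASK;
        let slot = self.slots.get_mut(index)?;
        if slot.generation != token >> HALF { return None; }
        let value = slot.value.take()?;
        slot.generation = (slot.generation + 1) & INDEX_MASK;
        self.free.push(index);
        Some(value)
    }

    /// Resolve an event token; `None` means stale or unknown: ignore the event.
    pub fn lookup(&mut self, token: usize) -> Option<&mut T> {
        let slot = self.slots.get_mut(token & INDEX_MASK)?;
        if slot.generation != token >> HALF { return None; }
        slot.value.as_mut()
    }
}

fn main() {
    let mut reg = Registry::new();
    let old = reg.register("pipe-a"); // constructed sample source
    reg.deregister(old);
    let new = reg.register("pipe-b"); // reuses slot 0 with generation 1
    for token in [old, new] { // constructed events: one late, one live
        match reg.lookup(token) {
            Some(name) => println!("dispatch to {name}"),
            None => println!("ignore invalid token {token:#x}"),
        }
    }
}
```

Because the token never carries a pointer, an invalid token can at worst miss the table; it cannot be dereferenced into freed memory.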
