CVE-2024-27308
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-27308 is a vulnerability in mio, the Metal I/O library for Rust, on Windows. Under certain conditions, mio returns invalid tokens for deregistered named pipes. The severity depends on how the application uses mio: for some applications it may result in warnings or crashes, while applications that store pointers in the tokens may experience use-after-free conditions. This is particularly concerning for users of Tokio, where it can lead to a use-after-free. The issue is Windows-specific and occurs only when named pipes are used. Versions of mio between v0.7.2 and v0.8.10, as well as vulnerable versions of Tokio, are at risk. Users can mitigate the issue by detecting and disregarding invalid tokens. The vulnerability has since been addressed in mio v0.8.11.
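The mitigation named above, detecting and disregarding invalid tokens, sketched as an added example (not mio's or Tokio's code). `Token` here is a local stand-in for mio's token type, and `Registry`, `dispatch` and `demo` are hypothetical names; the model uses only the standard library and treats tokens as keys into an owned table instead of pointers.

```rust
use std::collections::HashMap;

/// Local stand-in for a poller token: an opaque value returned with each event.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct Token(pub usize);

/// Hypothetical registry. Tokens are keys into a table we own, never raw
/// pointers, so a stale token can be detected instead of dereferenced.
pub struct Registry<H> {
    live: HashMap<Token, H>,
    next: usize,
}

impl<H> Registry<H> {
    pub fn new() -> Self { Registry { live: HashMap::new(), next: 0 } }
    /// Token values are never reused, so an old token cannot alias a new handler.
    pub fn register(&mut self, handler: H) -> Token {
        let token = Token(self.next);
        self.next += 1;
        self.live.insert(token, handler);
        token
    }
    pub fn deregister(&mut self, token: Token) -> Option<H> { self.live.remove(&token) }
}

/// Deliver events to live handlers only; returns (handled, ignored).
pub fn dispatch(
    reg: &mut Registry<Vec<&'static str>>,
    events: &[(Token, &'static str)],
) -> (usize, usize) {
    let (mut handled, mut ignored) = (0, 0);
    for &(token, kind) in events {
        match reg.live.get_mut(&token) {
            Some(log) => { log.push(kind); handled += 1; }
            None => ignored += 1, // event for a deregistered pipe: drop it
        }
    }
    (handled, ignored)
}

/// Constructed scenario: the poller still reports pipe_a after deregistration.
pub fn demo() -> (usize, usize) {
    let mut reg = Registry::new();
    let pipe_a = reg.register(Vec::new());
    let pipe_b = reg.register(Vec::new());
    reg.deregister(pipe_a);
    let events = [(pipe_a, "readable"), (pipe_b, "readable"), (pipe_a, "writable")];
    dispatch(&mut reg, &events)
}

fn main() { println!("{:?}", demo()); }
```

Counting the ignored events, as `dispatch` does, also gives operators a signal that an affected mio version is still in use.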