Use-after-free in mio - CVE-2024-27308

 

Use-after-free in mio - CVE-2024-27308

Published: June 19, 2024


Vulnerability identifier: #VU92243
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-27308
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: tokio-rs
Affected software:
mio

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry when using named pipes on Windows. A remote attacker can trigger the vulnerability to perform a denial of service attack or compromise vulnerable system.


How to mitigate CVE-2024-27308

Install updates from vendor's website.

Sources