CVE-2024-27308

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 6, 2024
CWE ID 672
CWE ID 416

Summary

CVE-2024-27308 is a vulnerability affecting the Mio Metal I/O library for Rust on Windows. Under certain conditions, mio returns invalid tokens for deregistered named pipes. The severity of this issue depends on the application's usage of mio. For some, it may result in warnings or crashes, whereas others may experience use-after-free conditions when storing pointers in the tokens. This vulnerability is particularly concerning for users of Tokio, as it can lead to a use-after-free issue. It is Windows-specific and occurs only when using named pipes. Versions of mio between v0.7.2 and v0.8.10, as well as vulnerable versions of Tokio, are at risk. Users can mitigate the issue by detecting and disregarding invalid tokens. The vulnerability has since been addressed in mio v0.8.11.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-27308 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database