CVE-2024-43806 – `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
https://notcve.org/view.php?id=CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. • https://github.com/bytecodealliance/rustix/security/advisories/GHSA-c827-hfw6-qwvm https://github.com/imsnif/bandwhich/issues/284 • CWE-400: Uncontrolled Resource Consumption •