17 results (0.011 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. • https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 9

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. • https://github.com/aydinnyunus/CVE-2024-24576-Exploit https://github.com/frostb1ten/CVE-2024-24576-PoC https://github.com/brains93/CVE-2024-24576-PoC-Python https://github.com/mishalhossin/CVE-2024-24576-PoC-Python https://github.com/lpn/CVE-2024-24576.jl https://github.com/foxoman/CVE-2024-24576-PoC---Nim https://github.com/SheL3G/CVE-2024-24576-PoC-BatBadBut https://github.com/Gaurav1020/CVE-2024-24576-PoC-Rust https://github.com/mishl-dev/CVE-2024-24576-PoC-Python& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 2

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. • https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html https://github.com/rust-lang/rust/pull/93110 https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946 https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714 https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2 https://lists.fedoraproject.org/archives/list/package-announc • CWE-363: Race Condition Enabling Link Following CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. El archivo library/std/src/net/parser.rs en Rust versiones anteriores a 1.53.0, no considera apropiadamente los caracteres cero extraños al principio de una cadena de direcciones IP, lo que (en algunas situaciones) permite a atacantes omitir el control de acceso que es basado en las direcciones IP, debido a una interpretación octal inesperada A flaw was found in rust. Extraneous zero characters at the beginning of an IP address string are not properly considered which can allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity. • https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis https://doc.rust-lang.org/beta/std/net/struct.Ipv4Addr.html https://github.com/rust-lang/rust/issues/83648 https://github.com/rust-lang/rust/pull/83652 https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md https://security.gentoo.org/glsa/202210-09 https://access.redhat.com/security/cve/CVE-2021-29922 https://bugzilla.redhat.com/show_bug.cgi?id=1991962 • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions. En la biblioteca estándar en Rust versiones anteriores a 119.0, se presenta un problema de sincronización en el objeto MutexGuard. MutexGuards puede ser usada en subprocesos de cualquier tipo, permitiendo problemas de seguridad de la memoria a través de condiciones de carrera • https://github.com/rust-lang/rust/issues/41622 https://github.com/rust-lang/rust/pull/41624 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •