CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
47.1%
When configuring a Windows named pipe server, setting pipe_mode
will reset reject_remote_clients
to false
. If the application has previously configured reject_remote_clients
to true
, this effectively undoes the configuration. This also applies if reject_remote_clients
is not explicitly set as this is the default configuration and is cleared by calling pipe_mode
.
Remote clients may only access the named pipe if the named pipe’s associated path is accessible via a publically shared folder (SMB).
The following versions have been patched:
The fix will also be present in all releases starting from version 1.24.0.
Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.
Ensure that pipe_mode
is set first after initializing a ServerOptions
. For example:
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
github.com/tokio-rs/tokio
github.com/tokio-rs/tokio/pull/5336
github.com/tokio-rs/tokio/releases/tag/tokio-1.23.1
github.com/tokio-rs/tokio/security/advisories/GHSA-7rrj-xr53-82p7
learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients
nvd.nist.gov/vuln/detail/CVE-2023-22466
rustsec.org/advisories/RUSTSEC-2023-0001.html
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
47.1%