Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-22466
HistoryJan 04, 2023 - 12:00 a.m.

CVE-2023-22466

2023-01-0400:00:00
ubuntu.com
ubuntu.com
32
tokio
rust
security vulnerability
named pipe server
windows
configuration
patch
workaround
serveroptions
remote clients
named pipes

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

47.1%

JSON

Tokio is a runtime for writing applications with Rust. Starting with
version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when
configuring a Windows named pipe server, setting pipe_mode will reset
reject_remote_clients to false. If the application has previously
configured reject_remote_clients to true, this effectively undoes the
configuration. Remote clients may only access the named pipe if the named
pipe’s associated path is accessible via a publicly shared folder (SMB).
Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be
present in all releases starting from version 1.24.0. Named pipes were
introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not
affected. As a workaround, ensure that pipe_mode is set first after
initializing a ServerOptions.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

Related

cbl_mariner 5
prion 1
nessus 1
rustsec 1
osv 4
nvd 1
cve 1
github 1
cvelist 1
debiancve 1
wolfi 1
cbl_mariner
cbl_mariner
CVE-2023-22466 affecting package kata-containers for versions less than 3.2.0.azl0-1
2024-04-09 20:48:36
CVE-2023-22466 affecting package rpm-ostree 2022.1-7
2024-10-01 09:12:11
CVE-2023-22466 affecting package rust for versions less than 1.72.0-2
2023-10-11 01:41:59
prion
prion
Code injection
2023-01-04 22:15:00
nessus
nessus
CBL Mariner 2.0 Security Update: rust / netavark / kata-containers / rpm-ostree (CVE-2023-22466)
2024-07-03 00:00:00
rustsec
rustsec
reject_remote_clients Configuration corruption
2023-01-04 12:00:00
osv
osv
reject_remote_clients Configuration corruption
2023-01-04 12:00:00
CGA-96vq-3673-8rvq
2024-09-25 05:18:39
CVE-2023-22466
2023-01-04 22:15:09
nvd
nvd
CVE-2023-22466
2023-01-04 22:15:09
cve
cve
CVE-2023-22466
2023-01-04 22:15:09
github
github
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
2023-01-06 21:40:58
cvelist
cvelist
CVE-2023-22466 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe
2023-01-04 21:47:09
debiancve
debiancve
CVE-2023-22466
2023-01-04 22:15:09
wolfi
wolfi
CVE-2023-22466 vulnerabilities
2024-10-01 21:13:23

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

47.1%

JSON
Related for UB:CVE-2023-22466
cbl_mariner5prion1nessus1rustsec1osv4nvd1cve1github1cvelist1debiancve1wolfi1