CVE-2023-22466 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipemode will reset rejectremoteclients to false. If the application has previously configured...

CVE-2023-22466 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipemode will reset rejectremoteclients to false. If the application has previously configured...

CVE-2023-22466

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipemode will reset rejectremoteclients to false. If the application has previously configured...

CVE-2023-22466

Tokio (Rust) prior to v1.18.4, v1.20.3, and v1.23.1, and the 1.7.0–1.18.x range, has a Windows named pipe setting bug: when configuring pipe_mode for a named pipe server, reject_remote_clients is reset to false, undoing any prior true setting. This can allow remote clients access to the named pip...

Exploit for Improper Initialization in Linux Linux_Kernel

Dirty-Pipe-CVE-2022-0847-POCs - Author: Max Kellermann max.kel...

RUSTSEC-2023-0001 reject_remote_clients Configuration corruption

On Windows, configuring a named pipe server with pipemode will force ServerOptions::rejectremoteclients as false. This drops any intended explicit configuration for the rejectremoteclients that may have been set as true previously. The default setting of rejectremoteclients is normally true meani...

reject_remote_clients Configuration corruption

On Windows, configuring a named pipe server with pipemode will force ServerOptions::rejectremoteclients as false. This drops any intended explicit configuration for the rejectremoteclients that may have been set as true previously. The default setting of rejectremoteclients is normally true meani...

PT-2023-18518 · Tokio · Tokio

Name of the Vulnerable Software and Affected Versions: Tokio versions 1.7.0 through 1.18.3 Tokio versions 1.18.4 through 1.20.2 Tokio versions 1.20.3 through 1.23.0 Description: When configuring a Windows named pipe server, setting pipe mode will reset reject remote clients to false. If the...

aluminum-pipe.com Cross Site Scripting vulnerability OBB-3118210

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-36221

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system...

CVE-2022-36221

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system...

Path traversal

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system...

Nokia FastMile 3TG00118ABAD52 路径遍历漏洞

Nokia FastMile 3TG00118ABAD52 is a fixed wireless access from Nokia Finland. A security vulnerability exists in the Nokia FastMile 3TG00118ABAD52 that stems from an authenticated path traversal vulnerability that allows an attacker to read any named pipe file on the system...

CVE-2022-36221

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system...

PT-2022-23263 · Nokia · Nokia Fastmile

Name of the Vulnerable Software and Affected Versions: Nokia Fastmile version 3tg00118abad52 Description: The issue allows attackers to read any named pipe file on the system through an authenticated path traversal vulnerability. Recommendations: For Nokia Fastmile version 3tg00118abad52, conside...

kernel: watch queue race condition can lead to privilege escalation

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

kernel: watch queue race condition can lead to privilege escalation

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

kernel: watch queue race condition can lead to privilege escalation

A race condition was found in the Linux kernel's watch queue due to a missing lock in the piperesizering. The race condition occurs when a thread uses ioctlIOCWATCHQUEUESETSIZE to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl to trigger a notification in th...

PT-2022-35977 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: A memory leak was discovered in the tracing read pipe function. The issue was introduced in version v5.12 and is fixed in version v6.0.10. The actual impact and attack plausibility of this...

PT-2022-36153 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.12 through v5.15.79 Description: A memory leak was discovered in the tracing read pipe function. The issue was introduced in version v5.12 and is fixed in version v5.15.80. Recommendations: For Linux Kernel versions...