How severe is CVE-2023-22466?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-22466?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2023-22466 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that `pipe_mode` is set first after initializing a `ServerOptions`.

Related Vulnerabilities

CVE-2010-4343

MEDIUM

CVSS:5.5(Medium)

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operation...

CWE-6652010

CVE-2010-4655

MEDIUM

CVSS:5.5(Medium)

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by levera...

CWE-6652010

CVE-2014-8181

MEDIUM

CVSS:5.5(Medium)

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

CWE-6652014

CVE-2017-0641

MEDIUM

CVSS:5.5(Medium)

A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to...

CWE-6652017

CVE-2017-0735

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864.

CWE-6652017

CVE-2017-13649

MEDIUM

CVSS:5.5(Medium)

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root accoun...

CWE-6652017