What is CVE-2024-27308?

CVE-2024-27308 is a high-severity vulnerability in Tokio-rs Mio, classified under Use After Free. CVSS score: 7.5/10. Published 2024-03-06.

How severe is CVE-2024-27308?

High severity. CVSS v3 base score is 7.5 out of 10.

Use After Free in Tokio-rs Mio

CVE-2024-27308

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vu…

Vulnerability class: Use-After-Free

EPSS: 0.010 (76.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Tokio-rs Mio — versions >= 0.7.2, < 0.8.11

Weakness classification (CWE)

References

https://github.com/tokio-rs/mio/security/advisories/GHSA-r8w9-5wcg-vfj7 (x_refsource_CONFIRM)
https://github.com/tokio-rs/tokio/issues/6369 (x_refsource_MISC)
https://github.com/tokio-rs/mio/pull/1760 (x_refsource_MISC)
https://github.com/tokio-rs/mio/commit/90d4fe00df870acd3d38f3dc4face9aacab8fbb9 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-27308?: CVE-2024-27308 is a high-severity vulnerability in Tokio-rs Mio, classified under Use After Free. CVSS score: 7.5/10. Published 2024-03-06.
How severe is CVE-2024-27308?: High severity. CVSS v3 base score is 7.5 out of 10.