Carllerche

**Name of the Vulnerable Software and Affected Versions** Tokio versions 1.7.0 through 1.18.3 Tokio versions 1.18.4 through 1.20.2 Tokio versions 1.20.3 through 1.23.0 **Description** When configuring a Windows named pipe server, setting `pipe mode` will reset `reject remote clients` to `false`. If the application has previously configured `reject remote clients` to `true`, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). **Recommendations** For versions 1.7.0 through 1.18.3, ensure that `pipe mode` is set first after initializing a `ServerOptions`. For versions 1.18.4 through 1.20.2, ensure that `pipe mode` is set first after initializing a `ServerOptions`. For versions 1.20.3 through 1.23.0, ensure that `pipe mode` is set first after initializing a `ServerOptions`. Update to version 1.24.0 or later to resolve the issue.