PT-2023-32952 · Trustix+2 · Rustix+2

Popey · Published 2023-10-18 · Updated 2026-03-19 · CVE-2024-43806
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Rustix versions prior to 0.35.15
Rustix versions prior to 0.36.16
Rustix versions prior to 0.37.25
Rustix versions prior to 0.38.19
Description
The issue arises when using rustix::fs::Dir with the linux_raw backend: the iterator can get stuck when an I/O error is encountered, and this combines with a memory over-allocation issue in rustix::fs::Dir::read_more. The result can be a quick and unbounded memory explosion, leading to an OOM crash of the application. If a program tries to access a directory through its file descriptor after the file has been unlinked, and the implementation does not break out of the loop after seeing an error, the memory explosion is triggered. An attacker knowledgeable about the implementation details of a vulnerable target can try to trigger this fault condition via available APIs, leading to denial of service.
Recommendations
For versions prior to 0.35.15, upgrade to version 0.35.15 or later.
For versions prior to 0.36.16, upgrade to version 0.36.16 or later.
For versions prior to 0.37.25, upgrade to version 0.37.25 or later.
For versions prior to 0.38.19, upgrade to version 0.38.19 or later.
As a temporary workaround, consider disabling use of rustix::fs::Dir until a patch is available. Restrict access to the rustix::fs::Dir module to minimize the risk of exploitation. Avoid using the linux_raw backend with rustix::fs::Dir until the issue is resolved.
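To make the failure mode concrete, the following added Rust example (not rustix's own code) models the Dir iterator's read_more path with a constructed stand-in for getdents64 that fails once the directory is gone. The `latch_errors` flag, the `Dir`/`drain` names and the 64-byte starting buffer are assumptions of this model; with the latch off the buffer doubles on every call after the error (the vulnerable behaviour), with it on iteration ends after the first error (the fixed behaviour).

```rust
use std::io;
/// Model of rustix::fs::Dir on the linux_raw backend (added example, not
/// rustix's code). `latch_errors` selects the fixed or the vulnerable path.
struct Dir {
    buf: Vec<u8>,
    pending: Vec<&'static str>, // constructed entries still to be returned
    any_errors: bool,
    latch_errors: bool,
}

impl Dir {
    fn new(entries: &[&'static str], latch_errors: bool) -> Self {
        let pending = entries.iter().rev().copied().collect();
        Dir { buf: vec![0; 64], pending, any_errors: false, latch_errors }
    }

    /// Stand-in for getdents64 on an fd whose directory was unlinked:
    /// the entries already available come back, then every call fails.
    fn getdents(&mut self) -> io::Result<&'static str> {
        self.pending.pop().ok_or_else(|| io::ErrorKind::NotFound.into())
    }

    /// Same shape as Dir::read_more: grow the buffer, then try to refill it.
    fn read_more(&mut self) -> Option<io::Result<&'static str>> {
        if self.latch_errors && self.any_errors {
            return None; // fixed: stop for good after the first I/O error
        }
        // Without the latch this runs again on every call after the error,
        // so the allocation doubles each time and never stops growing.
        let grown = self.buf.len() * 2;
        self.buf.resize(grown, 0);
        let r = self.getdents();
        self.any_errors |= r.is_err();
        Some(r)
    }
}

impl Iterator for Dir {
    type Item = io::Result<String>;
    fn next(&mut self) -> Option<Self::Item> {
        Some(self.read_more()?.map(String::from))
    }
}

/// Caller that keeps iterating despite Err, for at most `max_calls` steps.
/// Returns (items yielded, final buffer length in bytes).
fn drain(dir: &mut Dir, max_calls: usize) -> (usize, usize) {
    let yielded = dir.by_ref().take(max_calls).count();
    (yielded, dir.buf.len())
}
```

In the vulnerable configuration the only thing bounding memory is `max_calls`; a real caller that loops until `None` has no such bound, which is the OOM the advisory describes.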

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-48300
AZL-48304
AZL-48312
AZL-48318
AZL-48324
AZL-48327
AZL-48330
AZL-48333
CVE-2024-43806
GHSA-C827-HFW6-QWVM
OPENSUSE-SU-2024:14306-1
OPENSUSE-SU-2024:14354-1
OPENSUSE-SU-2024_3404-1
OPENSUSE-SU-2025:15294-1
OPENSUSE-SU-2026:20396-1
SUSE-SU-2024:3404-1
SUSE-SU-2024_3404-1
SUSE-SU-2025:02809-1
SUSE-SU-2025:02810-1
SUSE-SU-2025:02811-1
SUSE-SU-2025:20057-1
SUSE-SU-2025:20858-1
SUSE-SU-2025:4411-1
SUSE-SU-2026:20755-1
SUSE-SU-2026:20910-1

Affected Products

Debian
Rustix
Suse