Updated rust packages fix security vulnerability

April 19, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title Updated rust packages fix security vulnerability
Type mageia
Published 2025-04-17T20:37:29
Last Seen 2025-04-17T17:57:50
CVSS Score 10.0 (CRITICAL)

CVSS v3 Details

Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope CHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

CVE Information

CVE IDs CVE-2024-24576
CWE
Bulletin Family unix

Description

The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected. We update to rust 1.78.0 for future mesa updates in mageia 9.

Impact Assessment

Base Score 10.0
Severity CRITICAL

View full CVE details

πŸ’­ Join the Security Discussion

πŸ”’ Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.