CVE-2024-43806: rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
When using `rustix::fs::Dir` with the `linux_raw` backend, it is possible for the iterator to "get stuck" when an I/O error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application.
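The failure mode described above, as an added example that is not rustix's own code: a simplified Rust model of a directory iterator that reserves more buffer space on every read and stays live after an I/O error, beside a hardened variant that reuses one fixed buffer and fuses (returns `None`) after the first error. The `DirSource` trait, `AlwaysFails`, `CHUNK`, `NaiveDir`, `FusedDir` and `drive` are all constructed for this example and only approximate the shape of the real code; rustix's internals differ in detail.

```rust
use std::io;

/// Stand-in for a `getdents64`-style read: fills `buf` and returns the number
/// of bytes written (0 at end of directory), or an I/O error.
/// This trait is an assumption of the example, not a rustix API.
pub trait DirSource {
    fn getdents(&mut self, buf: &mut [u8]) -> io::Result<usize>;
}

/// Constructed source modelling a persistent I/O error on every read.
pub struct AlwaysFails;

impl DirSource for AlwaysFails {
    fn getdents(&mut self, _buf: &mut [u8]) -> io::Result<usize> {
        Err(io::Error::from_raw_os_error(5)) // errno 5 is EIO on Linux
    }
}

/// Extra bytes reserved per read in the naive model (constructed value).
pub const CHUNK: usize = 32 * 24;

/// Simplified model of the defect: every read reserves more space, and an
/// error leaves the iterator live, so a caller that keeps polling it
/// reserves again on each call and the buffer grows without bound.
pub struct NaiveDir<S: DirSource> {
    src: S,
    buf: Vec<u8>,
}

impl<S: DirSource> NaiveDir<S> {
    pub fn new(src: S) -> Self {
        Self { src, buf: Vec::new() }
    }

    pub fn capacity(&self) -> usize {
        self.buf.capacity()
    }
}

impl<S: DirSource> Iterator for NaiveDir<S> {
    /// The byte count of a read stands in for a parsed directory entry.
    type Item = io::Result<usize>;

    fn next(&mut self) -> Option<Self::Item> {
        // Defect 1: grow unconditionally, even though nothing was consumed
        // since the previous (failed) read.
        self.buf.reserve_exact(CHUNK);
        let cap = self.buf.capacity();
        self.buf.resize(cap, 0);
        match self.src.getdents(&mut self.buf[..]) {
            Ok(0) => None,
            Ok(n) => Some(Ok(n)),
            // Defect 2: the error is reported but not remembered, so the
            // next call to `next()` comes straight back here.
            Err(e) => Some(Err(e)),
        }
    }
}

/// Hardened model: one fixed-size buffer that is reused, and the iterator
/// fuses after the first error instead of being polled forever.
pub struct FusedDir<S: DirSource> {
    src: S,
    buf: Vec<u8>,
    any_errors: bool,
}

impl<S: DirSource> FusedDir<S> {
    pub fn new(src: S) -> Self {
        Self { src, buf: vec![0u8; CHUNK], any_errors: false }
    }

    pub fn capacity(&self) -> usize {
        self.buf.capacity()
    }
}

impl<S: DirSource> Iterator for FusedDir<S> {
    type Item = io::Result<usize>;

    fn next(&mut self) -> Option<Self::Item> {
        if self.any_errors {
            return None; // fused: never touch the source again
        }
        match self.src.getdents(&mut self.buf[..]) {
            Ok(0) => None,
            Ok(n) => Some(Ok(n)),
            Err(e) => {
                self.any_errors = true;
                Some(Err(e))
            }
        }
    }
}

/// Poll an iterator for at most `max_steps` items, skipping errors the way a
/// lenient `continue`-on-error caller would; returns (entries, errors, ended).
pub fn drive<I: Iterator<Item = io::Result<usize>>>(it: &mut I, max_steps: usize) -> (usize, usize, bool) {
    let (mut entries, mut errors) = (0, 0);
    for _ in 0..max_steps {
        match it.next() {
            Some(Ok(_)) => entries += 1,
            Some(Err(_)) => errors += 1,
            None => return (entries, errors, true),
        }
    }
    (entries, errors, false)
}

fn main() {
    let mut naive = NaiveDir::new(AlwaysFails);
    let stats = drive(&mut naive, 10_000);
    println!("naive: {:?}, buffer now {} bytes", stats, naive.capacity());
    let mut fused = FusedDir::new(AlwaysFails);
    let stats = drive(&mut fused, 10_000);
    println!("fused: {:?}, buffer still {} bytes", stats, fused.capacity());
}
```

The `drive` helper shows why the two defects matter together: a caller that treats `Err` as transient and keeps iterating never reaches `None` on the naive model, and each retry enlarges the buffer, so memory use is bounded only by how long the loop runs. The hardened model removes both halves of that: growth is decoupled from retries, and after an error the iterator reports `None`, so ordinary `for` loops terminate.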
References
- discord.com/channels/273534239310479360/1161137828395237556
- github.com/advisories/GHSA-c827-hfw6-qwvm
- github.com/bytecodealliance/rustix
- github.com/bytecodealliance/rustix/commit/31fd98ca723b93cc6101a3e29843ea5cf094e159
- github.com/bytecodealliance/rustix/commit/87481a97f4364d12d5d6f30cdd025a0fc509b8ec
- github.com/bytecodealliance/rustix/commit/df3c3a192cf144af0da8a57417fb4addbdc611f6
- github.com/bytecodealliance/rustix/commit/eecece4a84fc58eafdc809cc2cedd374dee876a5
- github.com/bytecodealliance/rustix/security/advisories/GHSA-c827-hfw6-qwvm
- github.com/imsnif/bandwhich/issues/284
- nvd.nist.gov/vuln/detail/CVE-2024-43806