Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

Administered by:

Server stats:

1.3K
active users

ioc.exchange: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

83r71n

A critical vulnerability, named BatBadBut, was discovered in the Rust programming language, affecting not just Rust but also Erlang, Go, Python, Ruby, and potentially others. This vulnerability, with a severity score of 10/10, could allow attackers to execute arbitrary commands on Windows systems by exploiting how Rust handles batch files. The issue arises from Rust's standard library improperly escaping arguments when invoking batch files on Windows, leading to potential command injection. The vulnerability has been addressed with a fix in Rust version 1.77.2, which developers are urged to update to. Other programming languages and systems, including Node.js, PHP, and Java, are also affected and are working on patches.

flatt.tech/research/posts/batb

blog.rust-lang.org/2024/04/09/

flatt.tech · BatBadBut: You can't securely execute commands on WindowsIntroduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditions were satisfied. Today, affected vendors published advisories of these vulnerabilities 1, so I’m documenting the details here to provide more information about the vulnerabilities and minimize the confusion regarding the high CVSS score.
#cybersecurity#rust#batbadbut
Apr 10, 2024, 05:27 PM·Public·Web
30boosts·17favorites
ExploreLive feeds
About