Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks

A serious security vulnerability in the Rust standard library might be used to launch command injection attacks against Windows users.

The vulnerability, tracked as CVE-2024-24576, carries the maximum CVSS severity score of 10.0. That said, it only affects situations in which Windows batch files are called with untrusted parameters.

According to a working group advisory published on April 9, 2024, the Rust standard library does not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API.

By bypassing the escaping, an attacker with control over the arguments passed to the spawned process could execute arbitrary shell commands.
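A defensive check for the situation the advisory describes, as an added example that is not from the advisory or the Rust project: before a batch file is invoked through `Command`, untrusted arguments are held to a strict allowlist. The function names, the allowlist and the sample inputs are assumptions of this example.

```rust
use std::ffi::OsStr;
use std::path::Path;
use std::process::Command;

/// True when the program path ends in .bat or .cmd (case-insensitive),
/// the two extensions the advisory names.
fn is_batch_file(program: &str) -> bool {
    Path::new(program)
        .extension()
        .and_then(OsStr::to_str)
        .map(|ext| ext.eq_ignore_ascii_case("bat") || ext.eq_ignore_ascii_case("cmd"))
        .unwrap_or(false)
}

/// Allowlist check (an assumption of this example, not a rule of the library):
/// only ASCII letters, digits, '-', '_' and '.' may reach a batch file.
fn check_batch_arg(arg: &str) -> Result<(), String> {
    if arg.is_empty() {
        return Err("empty argument".to_string());
    }
    match arg.chars().find(|c| !(c.is_ascii_alphanumeric() || "-_.".contains(*c))) {
        Some(bad) => Err(format!("rejected character {:?} in argument", bad)),
        None => Ok(()),
    }
}

/// Build (without spawning) a Command; arguments are validated only when
/// the target is a batch file, since that is the affected case.
fn build_command(program: &str, args: &[&str]) -> Result<Command, String> {
    if is_batch_file(program) {
        for arg in args {
            check_batch_arg(arg)?;
        }
    }
    let mut cmd = Command::new(program);
    cmd.args(args);
    Ok(cmd)
}

fn main() {
    // Constructed sample inputs for a hypothetical convert.BAT script.
    for args in [vec!["report-2024.txt"], vec!["a b"], vec!["100%"]] {
        match build_command("convert.BAT", &args) {
            Ok(_) => println!("{:?}: accepted", args),
            Err(e) => println!("{:?}: {}", args, e),
        }
    }
}
```

Rejecting input outright, rather than trying to re-escape it, keeps the check independent of how the batch interpreter parses its command line.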
