{"id":"RUSTSEC-2023-0001","summary":"reject_remote_clients Configuration corruption","details":"On Windows, configuring a named pipe server with [pipe_mode] will force [ServerOptions]::[reject_remote_clients] as `false`.\n\nThis drops any intended explicit configuration for the [reject_remote_clients] that may have been set as `true` previously.\n\nThe default setting of [reject_remote_clients] is normally `true` meaning the default is also overridden as `false`.\n\n## Workarounds\n\nEnsure that [pipe_mode] is set first after initializing a [ServerOptions]. For example:\n\n```rust\nlet mut opts = ServerOptions::new();\nopts.pipe_mode(PipeMode::Message);\nopts.reject_remote_clients(true);\n```\n\n[ServerOptions]: https://docs.rs/tokio/latest/tokio/net/windows/named_pipe/struct.ServerOptions.html\n[pipe_mode]: https://docs.rs/tokio/latest/tokio/net/windows/named_pipe/struct.ServerOptions.html#method.pipe_mode\n[reject_remote_clients]: https://docs.rs/tokio/latest/tokio/net/windows/named_pipe/struct.ServerOptions.html#method.reject_remote_clients","aliases":["CVE-2023-22466","GHSA-7rrj-xr53-82p7"],"modified":"2023-11-08T04:11:35.862060Z","published":"2023-01-04T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/tokio"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0001.html"},{"type":"ADVISORY","url":"https://github.com/tokio-rs/tokio/security/advisories/GHSA-7rrj-xr53-82p7"},{"type":"WEB","url":"https://github.com/tokio-rs/tokio/pull/5336"},{"type":"WEB","url":"https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients"}],"affected":[{"package":{"name":"tokio","ecosystem":"crates.io","purl":"pkg:cargo/tokio"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.7.0"},{"fixed":"1.18.4"},{"introduced":"1.19.0"},{"fixed":"1.20.3"},{"introduced":"1.21.0"},{"fixed":"1.23.1"}]}],"ecosystem_specific":{"affects":{"functions":[],"os":["windows"],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0001.json","categories":[]}}],"schema_version":"1.7.3"}