Vulnerabilities in the Cargo package manager used for Rust projects

Two vulnerabilities have been identified in the Cargo package manager, which is used to manage packages and build projects written in the Rust language. They can be exploited when downloading specially crafted packages from third-party repositories (users of the official crates.io repository are stated not to be affected). The first vulnerability (CVE-2022-36113) allows the first two bytes of any file to be overwritten, provided that current permissions allow it. The second vulnerability (CVE-2022-36114) can be used to exhaust disk space.

The vulnerabilities will be fixed in the Rust 1.64 release, scheduled for September 22. They have been assigned a low severity level, since similar damage can already be caused by using unverified packages from third-party repositories through the standard ability to run custom handlers from build scripts or procedural macros shipped in the package. What sets these two problems apart is that they are exploited at the stage of unpacking the package after download, without any build step.

Specifically, after downloading a package, cargo unpacks its contents into the ~/.cargo directory and records successful extraction by writing a marker file named .cargo-ok. The essence of the first vulnerability is that the package author can place a symbolic link named .cargo-ok inside the package, which causes the text "ok" to be written to whatever file the symlink points to.

The second vulnerability stems from the absence of any limit on the size of the data extracted from the archive, which makes it possible to build "zip bombs" (an archive can contain data that reaches the maximum compression ratio of the zip format, about 28 million times; in that case, for example, a specially prepared 10 MB zip file would unpack to roughly 281 TB).
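Both mechanisms described above, a link entry named .cargo-ok that redirects the marker write and an archive with no cap on its unpacked size, come down to validating archive entries before anything touches the filesystem. The following is an added illustration written for this page in Python; it is not Cargo's own code (Cargo is written in Rust), and the size cap, the sample archives, the link target and the helper names are constructed for the example. Every entry is checked for link types, path traversal and cumulative declared size before extraction starts, and the marker file is opened with O_NOFOLLOW so that an existing symlink at that name is refused rather than followed.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path

# Constructed cap for the illustration (not Cargo's real value): total bytes one
# archive may expand to. Rust crate files are gzip-compressed tar archives.
MAX_UNPACKED_BYTES = 10 * 1024 * 1024
MARKER_NAME = ".cargo-ok"  # marker name used by cargo, as described above


def check_archive(data: bytes, max_unpacked: int = MAX_UNPACKED_BYTES) -> list:
    """Return the reasons an archive should be rejected (empty list means OK).

    * symlinks and hard links are refused, which covers the .cargo-ok symlink trick;
    * paths must be relative and must not contain '..' components;
    * declared entry sizes are summed against the cap, which stops decompression bombs
      before any bytes are written.
    """
    problems = []
    total = 0
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for member in tf:
            name = member.name
            if member.issym() or member.islnk():
                problems.append(f"{name}: link entries are not allowed")
            elif not (member.isfile() or member.isdir()):
                problems.append(f"{name}: unsupported entry type")
            if Path(name).is_absolute() or ".." in Path(name).parts:
                problems.append(f"{name}: path escapes the extraction directory")
            total += member.size
            if total > max_unpacked:
                problems.append(f"{name}: cumulative size {total} exceeds cap {max_unpacked}")
                break
    return problems


def safe_unpack(data: bytes, dest: str, max_unpacked: int = MAX_UNPACKED_BYTES) -> bool:
    """Extract only if check_archive found nothing, then write the marker without following links."""
    if check_archive(data, max_unpacked):
        return False
    dest_path = Path(dest)
    dest_path.mkdir(parents=True, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for member in tf:
            target = dest_path / member.name
            if member.isdir():
                target.mkdir(parents=True, exist_ok=True)
            elif member.isfile():
                target.parent.mkdir(parents=True, exist_ok=True)
                with tf.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
    # O_NOFOLLOW makes the open fail if a symlink already sits at the marker path,
    # so "ok" can never be written through a link planted by the archive.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dest_path / MARKER_NAME, flags, 0o644)
    with os.fdopen(fd, "w") as marker:
        marker.write("ok")
    return True


def build_tar(entries) -> bytes:
    """Build an in-memory tar from (name, kind, payload) tuples; constructed test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                info.type = tarfile.REGTYPE
                info.size = len(payload)
                tf.addfile(info, io.BytesIO(payload))
            elif kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tf.addfile(info)
    return buf.getvalue()


def unpack_to_tempdir(data: bytes, max_unpacked: int = MAX_UNPACKED_BYTES):
    """Run safe_unpack in a throwaway directory; returns (accepted, marker_contents_or_None)."""
    with tempfile.TemporaryDirectory() as d:
        accepted = safe_unpack(data, d, max_unpacked)
        marker = Path(d) / MARKER_NAME
        return accepted, (marker.read_text() if marker.exists() else None)


# Constructed sample archives: a benign crate layout, one carrying a symlink named
# .cargo-ok (the first issue), and one whose declared size exceeds a small cap (the second).
BENIGN = build_tar([("crate-1.0.0/src/lib.rs", "file", b"pub fn f() {}\n")])
MALICIOUS_LINK = build_tar([("crate-1.0.0/.cargo-ok", "symlink", "/nonexistent/example-target")])
OVERSIZED = build_tar([("crate-1.0.0/big.bin", "file", b"\0" * 2000)])

if __name__ == "__main__":
    for label, data, cap in (("benign", BENIGN, MAX_UNPACKED_BYTES),
                             ("symlink marker", MALICIOUS_LINK, MAX_UNPACKED_BYTES),
                             ("oversized", OVERSIZED, 1000)):
        print(label, "->", check_archive(data, cap) or "accepted")
```

The size check relies on the sizes declared in the tar headers, which for the tar format also determine how many bytes the reader consumes, so the cap is enforced before any payload is written rather than after disk space is already gone.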

source: budenet.ru
