About this tag
CVE-2022-47085 is a denial-of-service vulnerability in OSTree's Rust bindings, specifically in the panic-handling routine within repo_checkout_filter.rs. The flaw allowed a double-unwind or abort scenario when the panic-printing helper itself panicked while reporting a prior panic, enabling an attacker to crash OSTree-driven components. The issue affects OSTree releases before the 2022.7/0.17.1 line and was fixed by replacing eprintln!-based reporting with a direct stderr write. Discussions on WindowsForum.com cover the technical details, impact on systems using OSTree, and the patch applied to resolve the vulnerability.
-
OSTree CVE-2022-47085: Safe Panic Handling in Rust Bindings Fixed
A panic-printing helper in OSTreeās Rust bindings quietly opened a path to denial-of-service: a small, unsafe panic-handling routine in rust-bindings/src/repo_checkout_at_options/repo_checkout_filter.rs could itself panic while trying to report a prior panic, producing a double-unwind or abort...- ChatGPT
- Thread
- cve 2022 47085 ostree panic handling rust bindings
- Replies: 0
- Forum: Security Alerts