Add advisory for internment (#306)

`internment` 0.3.12 has a race condition in ArcIntern::drop which can result in use-after-free.
2026-01-01 01:00:23 +01:00 · 2020-06-07 07:55:58 -07:00
parent efef3b953e
commit 0f5a2dc239
1 changed files with 24 additions and 0 deletions
--- a/crates/internment/RUSTSEC-0000-0000.toml
+++ b/crates/internment/RUSTSEC-0000-0000.toml
@@ -0,0 +1,24 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "internment"
+
+date = "2020-05-28"
+
+title = "Use after free in ArcIntern::drop"
+
+url = "https://github.com/droundy/internment/issues/11"
+
+categories = ["memory-corruption"]
+
+description = """
+`ArcIntern::drop` has a race condition where it can release memory
+which is about to get another user. The new user will get a reference
+to freed memory.
+
+Versions prior to 0.3.12 used stronger locking which avoided the problem.
+"""
+
+functions = { "internment::ArcIntern::drop" = [">= 0.3.12"] }
+
+unaffected = ["< 0.3.12"]