Merge pull request #364 from Qwaz/0008-arr

arr: Multiple security issues including data race, buffer overflow, and uninitialized memory drop
2025-12-30 16:24:05 +01:00 · 2020-08-26 02:13:04 +02:00
parent df69587297 dc88a65c30
commit 19b654a00f
1 changed files with 16 additions and 0 deletions
--- a/crates/arr/RUSTSEC-0000-0000.toml
+++ b/crates/arr/RUSTSEC-0000-0000.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "arr"
+date = "2020-08-25"
+title = "Multiple security issues including data race, buffer overflow, and uninitialized memory drop"
+url = "https://github.com/sjep/array/issues/1"
+description = """
+`arr` crate contains multiple security issues. Specifically,
+
+1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
+2. `Index` and `IndexMut` implementation does not check the array bound.
+3. `Array::new_from_template()` drops uninitialized memory.
+"""
+
+[versions]
+patched = []