Add use after free advisory for lru crate (#1125)

* Add use after free advisory for lru crate * Add blockquotes * Update RUSTSEC-0000-0000.md Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2026-01-04 10:40:34 +01:00 · 2021-12-21 17:47:42 +02:00
parent bfcafe5727
commit 2fc8681c0e
1 changed files with 25 additions and 0 deletions
--- a/crates/lru/RUSTSEC-0000-0000.md
+++ b/crates/lru/RUSTSEC-0000-0000.md
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "lru"
+date = "2021-12-21"
+url = "https://github.com/jeromefroe/lru-rs/issues/120"
+categories = ["memory-corruption"]
+keywords = ["use-after-free"]
+
+[affected.functions]
+"lru::LruCache::iter" = ["< 0.7.1"]
+"lru::LruCache::iter_mut" = ["< 0.7.1"]
+
+[versions]
+patched = [">= 0.7.1"]
+```
+
+# Use after free in lru crate
+
+Lru crate has use after free vulnerability.
+
+Lru crate has two functions for getting an iterator. Both iterators give
+references to key and value. Calling specific functions, like pop(), will remove
+and free the value, and but it's still possible to access the reference of value
+which is already dropped causing use after free.