OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add use after free advisory for lru crate (#1125)

Browse Source 
* Add use after free advisory for lru crate

* Add blockquotes

* Update RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
This commit is contained in:
Ossi Herrala
2021-12-21 17:47:42 +02:00
committed by GitHub
parent bfcafe5727
commit 2fc8681c0e
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
crates/lru/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,25 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "lru"
date = "2021-12-21"
url = "https://github.com/jeromefroe/lru-rs/issues/120"
categories = ["memory-corruption"]
keywords = ["use-after-free"]
[affected.functions]
"lru::LruCache::iter" = ["< 0.7.1"]
"lru::LruCache::iter_mut" = ["< 0.7.1"]
[versions]
patched = [">= 0.7.1"]
```
# Use after free in lru crate
Lru crate has use after free vulnerability.
Lru crate has two functions for getting an iterator. Both iterators give
references to key and value. Calling specific functions, like pop(), will remove
and free the value, and but it's still possible to access the reference of value
which is already dropped causing use after free.