OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-29 15:56:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for use-after-frees fixed in libpulse-binding v1.2.1 (#433)

Browse Source
This commit is contained in:
Lyndon Brown
2020-10-25 19:19:41 +00:00
committed by GitHub
parent 1e48ac3958
commit 59bee556dd
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/libpulse-binding/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "libpulse-binding"
date = "2018-06-15"
url = "https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w"
categories = ["memory-corruption"]
[versions]
patched = [">= 1.2.1"]
[affected.functions]
"libpulse_binding::stream::Stream::get_format_info" = ["< 1.2.1"]
"libpulse_binding::stream::Stream::get_context" = ["< 1.2.1"]
```
# Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods
Affected versions contained a pair of use-after-free issues with the objects returned by the `get_format_info` and `get_context` methods of `Stream` objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.