From 7b363b785a7e2a8ad4e13f22901f4e0db1598fc0 Mon Sep 17 00:00:00 2001
From: llogiq <bogusandre@gmail.com>
Date: Sun, 1 Sep 2019 19:54:20 +0200
Subject: [PATCH] add out-of-bounds memory access in compact_arena < 0.4.0
 (#137)

---
 crates/compact_arena/RUSTSEC-0000-0000.toml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/compact_arena/RUSTSEC-0000-0000.toml

diff --git a/crates/compact_arena/RUSTSEC-0000-0000.toml b/crates/compact_arena/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..ab58083
--- /dev/null
+++ b/crates/compact_arena/RUSTSEC-0000-0000.toml
@@ -0,0 +1,19 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "compact_arena"
+date = "2019-05-21"
+title = "Flaw in generativity allows out-of-bounds access"
+description = """
+Affected versions of this crate did not properly implement the generativity,
+because the invariant lifetimes were not necessarily `drop`ped.
+
+This allows an attacker to mix up two arenas, using indices created from one 
+arena with another one. This might lead to an out-of-bounds read or write 
+access into the memory reserved for the arena.
+ 
+The flaw was corrected by implementing generativity correctly in version 0.4.0.
+"""
+patched_versions = [">= 0.4.0"]
+url = "https://github.com/llogiq/compact_arena/issues/22"
+keywords = ["memory-corruption", "uninitialized-memory"]
+affected_functions = ["compact_arena::SmallArena::new"]