RUSTSEC-2020-0017.md (use-after-free in internment) is fixed (#554)

The vulnerability in this report was fixed in internment 0.4.0. For details, see https://github.com/droundy/internment/issues/11#issuecomment-758862385.
2026-01-06 03:29:45 +01:00 · 2021-01-12 11:05:27 -08:00
parent fa47ec0c0b
commit 7feb037b84
1 changed files with 4 additions and 1 deletions
--- a/crates/internment/RUSTSEC-2020-0017.md
+++ b/crates/internment/RUSTSEC-2020-0017.md
@@ -11,7 +11,7 @@ url = "https://github.com/droundy/internment/issues/11"
 "internment::ArcIntern::drop" = [">= 0.3.12"]

 [versions]
-patched = []
+patched = [">= 0.4.0"]
 unaffected = ["< 0.3.12"]
 ```

@@ -21,4 +21,7 @@ unaffected = ["< 0.3.12"]
 which is about to get another user. The new user will get a reference
 to freed memory.

+This was fixed by serializing access to an interned object while it
+is being deallocated.
+
 Versions prior to 0.3.12 used stronger locking which avoided the problem.