Merge pull request #371 from Qwaz/0010-crayon

crayon: Misbehaving `HandleLike` implementation can lead to memory safety violation
Sergey "Shnatsel" Davidoff
2020-08-31 23:34:37 +02:00
committed by GitHub


@@ -0,0 +1,13 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "crayon"
date = "2020-08-31"
informational = "unsound"
title = "Misbehaving `HandleLike` implementation can lead to memory safety violation"
url = "https://github.com/shawnscode/crayon/issues/87"
description = """
Unsafe code in `ObjectPool` has time-of-check to time-of-use (TOCTOU) bug that can eventually lead to a memory safety violation. `ObjectPool` and `HandlePool` implicitly assumes that `HandleLike` trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since `HandleLike` is a safe, public trait that allows a custom implementation.
"""
[versions]
patched = []
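Review bot: The `[advisory]` table has no `categories` or `keywords` entry, so tooling that filters or searches advisories by class gets no signal that this is a memory-safety issue beyond `informational = "unsound"`. Adding `categories = ["memory-corruption"]` and `keywords = ["toctou"]` would make triage easier, assuming the database schema accepts them on informational advisories. Because `patched = []` flags every release, the description could also state outright that the bug appears reachable only through a custom `HandleLike` implementation whose methods return inconsistent values, which lets users judge their own exposure. Minor wording in the description: `has a time-of-check to time-of-use (TOCTOU) bug` and `implicitly assume`.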