Merge pull request #399 from RustSec/actix-service-cell

Add advisory for unsound Cell in actix-service
2026-01-06 11:39:45 +01:00 · 2020-09-26 19:06:04 +02:00
parent 94c5614c01 90ac1e0dea
commit db20f9b701
1 changed files with 22 additions and 0 deletions
--- a/crates/actix-service/RUSTSEC-0000-0000.toml
+++ b/crates/actix-service/RUSTSEC-0000-0000.toml
@@ -0,0 +1,22 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "actix-service"
+date = "2020-01-08"
+
+title = "bespoke Cell implementation allows obtaining several mutable references to the same data"
+url = "https://github.com/actix/actix-net/pull/158"
+categories = ["memory-corruption"]
+informational = "unsound"
+
+description = """
+The custom implementation of a Cell primitive in the affected versions of this crate
+does not keep track of mutable references to the underlying data.
+
+This allows obtaining several mutable references to the same object
+which may result in arbitrary memory corruption, most likely use-after-free.
+
+The flaw was corrected by switching from a bespoke `Cell<T>` implementation to `Rc<RefCell<T>>`.
+"""
+
+[versions]
+patched = [">= 1.0.6"]