OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-07 04:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add an advisory on lifetime extension in generic-array

Browse Source
This commit is contained in:
Konrad Borowski
2021-03-01 14:24:05 +01:00
parent 6d1fcd97c7
commit eda0a2235a
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/generic-array/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "generic-array"
date = "2020-04-09"
url = "https://github.com/fizyk20/generic-array/issues/98"
categories = ["memory-corruption"]
keywords = ["soundness"]
[versions]
patched = [">= 0.14.0"]
unaffected = ["< 0.8.0"]
```
# arr! macro erases lifetimes
Affected versions of this crate allowed unsoundly extending
lifetimes using `arr!` macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.