OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 00:30:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

A bug in crossbeam v0.4.0

Browse Source
This commit is contained in:
Stjepan Glavina
2018-12-09 14:07:06 +00:00
parent 529358ad6e
commit fd45ce4eb5
1 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
crates/crossbeam/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,56 @@
[advisory]
# Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"
# identifier e.g. RUSTSEC-2018-0001. Please use "RUSTSEC-0000-0000" in PRs.
id = "RUSTSEC-0000-0000"
# Name of the affected crate (mandatory)
package = "crossbeam"
# Disclosure date of the advisory as an RFC 3339 date (mandatory)
date = "2018-12-09"
# Single-line description of a vulnerability (mandatory)
title = "MsQueue and SegQueue suffer from double-free"
# Enter a short-form description of the vulnerability here (mandatory)
description = """
Even if an element is popped from a queue, crossbeam would run its
destructor inside the epoch-based garbage collector. This is a source
of double frees.
The flaw was corrected by wrapping elements inside queues in a
`ManuallyDrop`.
Thanks to @c0gent for reporting the issue.
"""
# Versions which include fixes for this vulnerability (mandatory)
patched_versions = [">= 0.4.1"]
# Versions which were never vulnerable (optional)
#unaffected_versions = ["< 1.1.0"]
# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
# a change log entry, or a blogpost announcing the release (optional)
url = "https://github.com/crossbeam-rs/crossbeam-epoch/issues/82"
# Keywords which describe this vulnerability, similar to Cargo (optional)
keywords = ["concurrency", "memory-management"]
# Vulnerability aliases, e.g. CVE IDs (optional but recommended)
# Request a CVE for your RustSec vulns: https://iwantacve.org/
#aliases = ["CVE-2018-XXXX"]
# References to related vulnerabilities (optional)
# e.g. CVE for a C library wrapped by a -sys crate)
#references = ["CVE-2018-YYYY", "CVE-2018-ZZZZ"]
# CPU architectures impacted by this vulnerability (optional)
# For a list of CPU architecture strings, see the "platforms" crate:
# <https://docs.rs/platforms/latest/platforms/target/enum.Arch.html>
#affected_arch = ["x86", "x86_64"]
# Operating systems impacted by this vulnerability (optional)
# For a list of OS strings, see the "platforms" crate:
# <https://docs.rs/platforms/latest/platforms/target/enum.OS.html>
#affected_os = ["windows"]