```toml
[advisory]
id = "RUSTSEC-2019-0016"
package = "chttp"
aliases = ["CVE-2019-16140"]
date = "2019-09-01"
keywords = ["memory-management", "memory-corruption"]
url = "https://github.com/sagebind/isahc/issues/2"

[versions]
patched = [">= 0.1.3"]
unaffected = ["< 0.1.1"]
```

# Use-after-free in buffer conversion implementation

The From<Buffer> implementation for Vec<u8> was not properly implemented,
returning a vector backed by freed memory. This could lead to memory corruption
or be exploited to cause undefined behavior.
 
A fix was published in version 0.1.3.