OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 01:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
00a4c19a4608a5010260bf3bf8e7b1e53e008bf2
advisory-db/crates/libpulse-binding/RUSTSEC-2018-0020.md
Tony Arcieri fb2a1a6c47 Rename RUSTSEC-2020-0055 to RUSTSEC-2018-0020 (#437) 
It was accidentally filed under the wrong year.
2020-10-22 06:49:26 -07:00

25 lines
984 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2018-0020"
package = "libpulse-binding"
date = "2018-12-22"
url = "https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-f56g-chqp-22m9"
categories = ["memory-corruption"]
[versions]
patched = [">= 2.5.0"]
unaffected = ["< 1.0.5"]
```
# Possible use-after-free with `proplist::Iterator`
Affected versions contained a possible use-after-free issue with property list iteration
due to a lack of a lifetime constraint tying the lifetime of a `proplist::Iterator` to the
`Proplist` object for which it was created. This made it possible for users, without
experiencing a compiler error/warning, to destroy the `Proplist` object before the iterator,
thus destroying the underlying C object the iterator works upon, before the iterator may be
finished with it.
This impacts all versions of the crate before `2.5.0` back to `1.0.5`. Before version
`1.0.5` the function that produces the iterator was broken to the point of being useless.
Reference in New Issue View Git Blame Copy Permalink