mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-06 19:49:45 +01:00
23 lines
581 B
Markdown
23 lines
581 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0007"
|
|
package = "bitvec"
|
|
aliases = ["CVE-2020-35862"]
|
|
categories = ["memory-corruption"]
|
|
date = "2020-03-27"
|
|
url = "https://github.com/myrrlyn/bitvec/issues/55"
|
|
|
|
[affected.functions]
|
|
"bitvec::vec::BitVec::into_boxed_bitslice" = ["< 0.17.4, >= 0.11.0"]
|
|
|
|
[versions]
|
|
patched = [">= 0.17.4"]
|
|
unaffected = ["< 0.11.0"]
|
|
```
|
|
|
|
# use-after or double free of allocated memory
|
|
|
|
Conversion of `BitVec` to `BitBox` did not account for allocation movement.
|
|
|
|
The flaw was corrected by using the address after resizing, rather than the original base address.
|