mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
26 lines
846 B
TOML
26 lines
846 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0015"
|
|
package = "compact_arena"
|
|
date = "2019-05-21"
|
|
title = "Flaw in generativity allows out-of-bounds access"
|
|
url = "https://github.com/llogiq/compact_arena/issues/22"
|
|
categories = ["memory-corruption"]
|
|
keywords = ["uninitialized-memory"]
|
|
description = """
|
|
Affected versions of this crate did not properly implement the generativity,
|
|
because the invariant lifetimes were not necessarily `drop`ped.
|
|
|
|
This allows an attacker to mix up two arenas, using indices created from one
|
|
arena with another one. This might lead to an out-of-bounds read or write
|
|
access into the memory reserved for the arena.
|
|
|
|
The flaw was corrected by implementing generativity correctly in version 0.4.0.
|
|
"""
|
|
aliases = ["CVE-2019-16139"]
|
|
|
|
[affected.functions]
|
|
"compact_arena::SmallArena::new" = ["< 0.4.0"]
|
|
|
|
[versions]
|
|
patched = [">= 0.4.0"]
|