OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0e97e6e71f0dd52b4b4e0ab3fa6e5e5dd72f852a
advisory-db/crates/arrow2/RUSTSEC-2022-0012.md
Nikhil Benesch ce150ef8cb RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220) 
As far as I can tell, v0.10.0+ was not affected by this bug [0]. The commit which
fixes the unsoundness landed in main before v0.10.0 was released.

[0]: 9d4342c5ff
2022-04-05 17:24:42 +02:00

850 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0012"
package = "arrow2"
date = "2022-03-04"
url = "https://github.com/jorgecarleitao/arrow2/issues/880"
categories = ["memory-corruption"]

[versions]
patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10", ">= 0.10.0"]

Arrow2 allows double free in safe code

The struct Ffi_ArrowArray implements #derive(Clone) that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned.

Cloning this struct in safe results in a segmentation fault, which is unsound.

This derive was removed from this struct. All users are advised to either:

  • bump the patch version of this crate (for versions v0.7,v0.8,v0.9), or
  • migrate to a more recent version of the crate (when using <0.7).

Doing so elimitates this vulnerability (code no longer compiles).