mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-15 22:04:38 +01:00
20 lines
565 B
Markdown
20 lines
565 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2022-0021"
|
|
package = "crossbeam-queue"
|
|
date = "2022-05-10"
|
|
informational = "unsound"
|
|
url = "https://github.com/crossbeam-rs/crossbeam/pull/458"
|
|
aliases = ["GHSA-6888-wf7j-34jq"]
|
|
|
|
[versions]
|
|
patched = [">= 0.2.3"]
|
|
```
|
|
|
|
# `SegQueue` creates zero value of any type
|
|
|
|
Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.
|
|
This is unsound e.g. if `T` is a reference type (which must be non-null).
|
|
|
|
The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.
|