OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
19bb42eae666a1445f1e362ffb8e308ab98ba946
advisory-db/crates/sys-info/RUSTSEC-2020-0100.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

1.0 KiB
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0100"
package = "sys-info"
date = "2020-05-31"
url = "https://github.com/FillZpp/sys-info-rs/issues/63"
categories = ["memory-corruption"]
keywords = ["concurrency", "double free"]
aliases = ["CVE-2020-36434"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

[versions]
patched = [">= 0.8.0"]
unaffected = []

[affected]
os = ["linux"]
functions = { "sys_info::disk_info" = ["<= 0.1.1"] }

Double free when calling sys_info::disk_info from multiple threads

Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment.

This results in consistent double-frees and segfaults when calling sys_info::disk_info from multiple threads at once.

The issue was fixed by moving the global variable into a local scope.

Safer Alternatives: