OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-07 04:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3338fcfb59cea5fcd7d2a4e7fe24cbc7cb778003
advisory-db/crates/actix-web/RUSTSEC-2018-0019.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

839 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2018-0019"
package = "actix-web"
categories = ["memory-corruption"]
date = "2018-06-08"
url = "https://github.com/actix/actix-web/issues/289"
aliases = ["CVE-2018-25024", "CVE-2018-25025", "CVE-2018-25026", "GHSA-7x36-h62w-vw65", "GHSA-9qj6-4rfq-vm84", "GHSA-fgfm-hqjw-3265", "GHSA-w65j-g6c7-g3m4"]

[versions]
patched = [">= 0.7.15"]

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as:

  • Unsoundly coercing immutable references to mutable references
  • Unsoundly extending lifetimes of strings
  • Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A significant refactoring effort has been conducted to resolve these issues.