mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2025-12-29 15:56:07 +01:00
730 B
730 B
[advisory]
id = "RUSTSEC-2020-0146"
package = "generic-array"
date = "2020-04-09"
url = "https://github.com/fizyk20/generic-array/issues/98"
categories = ["memory-corruption"]
keywords = ["soundness"]
aliases = ["CVE-2020-36465", "GHSA-3358-4f7f-p4j4"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
[versions]
patched = [
">= 0.8.4, < 0.9.0",
">= 0.9.1, < 0.10.0",
">= 0.10.1, < 0.11.0",
">= 0.11.2, < 0.12.0",
">= 0.12.4, < 0.13.0",
">= 0.13.3",
]
unaffected = ["< 0.8.0"]
arr! macro erases lifetimes
Affected versions of this crate allowed unsoundly extending
lifetimes using arr! macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.