mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-13 21:18:11 +01:00
20 lines
590 B
TOML
20 lines
590 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0016"
|
|
package = "chttp"
|
|
date = "2019-09-01"
|
|
title = "Use-after-free in buffer conversion implementation"
|
|
description = """
|
|
The From<Buffer> implementation for Vec<u8> was not properly implemented,
|
|
returning a vector backed by freed memory. This could lead to memory corruption
|
|
or be exploited to cause undefined behavior.
|
|
|
|
A fix was published in version 0.1.3.
|
|
"""
|
|
url = "https://github.com/sagebind/isahc/issues/2"
|
|
keywords = ["memory-management", "memory-corruption"]
|
|
aliases = ["CVE-2019-16140"]
|
|
|
|
[versions]
|
|
patched = [">= 0.1.3"]
|
|
unaffected = ["< 0.1.1"]
|