mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-06 19:49:45 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

702 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0010"
package = "containers"
aliases = ["CVE-2021-25907"]
date = "2021-01-12"
url = "https://github.com/strake/containers.rs/issues/2"
categories = ["memory-corruption"]

[versions]
patched = [">= 0.9.11"]

panic safety: double drop may happen within `util::{mutate, mutate2}`

Upon panic in a user-provided function f, fn mutate() & fn mutate2 drops twice a same object.

Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read().

Dropping a same object can result in memory corruption.

The flaw was corrected in version "0.9.11" by fixing the code to abort upon panic.

702 B Raw Blame History

panic safety: double drop may happen within util::{mutate, mutate2}

702 B

Raw Blame History

panic safety: double drop may happen within `util::{mutate, mutate2}`