mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-15 22:04:38 +01:00
20 lines
595 B
Markdown
20 lines
595 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0049"
|
|
package = "actix-codec"
|
|
aliases = ["CVE-2020-35902"]
|
|
categories = ["memory-corruption"]
|
|
date = "2020-01-30"
|
|
url = "https://github.com/actix/actix-net/issues/91"
|
|
|
|
[versions]
|
|
patched = [">= 0.3.0-beta.1"]
|
|
```
|
|
|
|
# Use-after-free in Framed due to lack of pinning
|
|
|
|
Affected versions of this crate did not require the buffer wrapped in `Framed` to be pinned,
|
|
but treated it as if it had a fixed location in memory. This may result in a use-after-free.
|
|
|
|
The flaw was corrected by making the affected functions accept `Pin<&mut Self>` instead of `&mut self`.
|