mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

github-actions[bot] e78650dfe3 Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233 )

Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>

2022-05-10 17:20:48 +02:00

525 B

Raw Blame History

[advisory]
id = "RUSTSEC-2022-0020"
package = "crossbeam"
date = "2022-05-10"
informational = "unsound"
url = "https://github.com/crossbeam-rs/crossbeam/pull/458"

[versions]
patched = [">= 0.7.0"]

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed() to create values of a user-supplied type T. This is unsound e.g. if T is a reference type (which must be non-null).

The flaw was corrected by avoiding the use of mem::zeroed(), using MaybeUninit instead.

525 B Raw Blame History

SegQueue creates zero value of any type

525 B

Raw Blame History

`SegQueue` creates zero value of any type