OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-07 04:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8701fad2d40aeca8e8564692f14a8d7c30a5136
advisory-db/crates/actix-web/RUSTSEC-2018-0019.md
Alexis Mousset e9382c8680 Fix typos in advisories (#976)
2021-08-21 19:18:11 -06:00

682 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2018-0019"
package = "actix-web"
categories = ["memory-corruption"]
date = "2018-06-08"
url = "https://github.com/actix/actix-web/issues/289"

[versions]
patched = [">= 0.7.15"]

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as:

  • Unsoundly coercing immutable references to mutable references
  • Unsoundly extending lifetimes of strings
  • Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A significant refactoring effort has been conducted to resolve these issues.