mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
22 lines
767 B
TOML
22 lines
767 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0022"
|
|
package = "portaudio-rs"
|
|
date = "2019-09-14"
|
|
title = "Stream callback function is not unwind safe"
|
|
url = "https://github.com/mvdnes/portaudio-rs/issues/20"
|
|
categories = ["code-execution", "memory-corruption"]
|
|
keywords = ["audio", "ffi"]
|
|
description = """
|
|
Affected versions of this crate is not panic safe within callback functions `stream_callback` and `stream_finished_callback`.
|
|
|
|
The call to user-provided closure might panic before a `mem::forget` call, which then causes a use after free that grants attacker to control the callback function pointer.
|
|
|
|
This allows an attacker to construct an arbitrary code execution .
|
|
|
|
The flaw was reported by Phosphorus15.
|
|
"""
|
|
aliases = ["CVE-2019-16881"]
|
|
|
|
[versions]
|
|
patched = ["> 0.3.1"]
|