OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f20b53ca896cac7d3fea26bcfcb050d2987d6d1d
advisory-db/crates/arc-swap/RUSTSEC-2020-0091.md
Sergey "Shnatsel" Davidoff 40afced5fb Remove range overlaps, fix some range specifications (#930) 
* Drop some clearly redundant bounds

* Fix RUSTSEC-2020-0091 - the version specification was incorrect, marking 1.0.0 as fixed while in reality it was not

* Fix RUSTSEC-2018-0004: presumably any updates to 0.3.x series would also get the fix, it would not be isolated to 0.3.2

* Fix incorrectly defined, overlapping ranges in RUSTSEC-2020-0080 and RUSTSEC-2019-0035
2021-06-04 23:26:23 +02:00

775 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0091"
package = "arc-swap"
date = "2020-12-10"
url = "https://github.com/vorner/arc-swap/issues/45"
categories = ["memory-corruption"]
keywords = ["dangling reference"]
aliases = ["CVE-2020-35711"]

[versions]
patched = [">= 0.4.8, < 1.0.0-0", ">= 1.1.0"]
unaffected = ["< 0.4.2"]

[affected]
functions = { "arc_swap::access::MapGuard::deref" = ["< 1.1.0"] }

Dangling reference in access::Map with Constant

Using the arc_swap::access::Map with the Constant test helper (or with user-provided implementation of the Access trait) could sometimes lead to the map returning dangling references.

Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on performance.