OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fe5f044f5c0a26082aa9ff216a4be46a2a5efcb4
advisory-db/crates/internment/RUSTSEC-2020-0017.md
Matt Brubeck 7feb037b84 RUSTSEC-2020-0017.md (use-after-free in internment) is fixed (#554) 
The vulnerability in this report was fixed in internment 0.4.0.  For details, see
https://github.com/droundy/internment/issues/11#issuecomment-758862385.
2021-01-12 11:05:27 -08:00

698 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0017"
package = "internment"
aliases = ["CVE-2020-35874"]
categories = ["memory-corruption"]
date = "2020-05-28"
url = "https://github.com/droundy/internment/issues/11"

[affected.functions]
"internment::ArcIntern::drop" = [">= 0.3.12"]

[versions]
patched = [">= 0.4.0"]
unaffected = ["< 0.3.12"]

Use after free in ArcIntern::drop

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.