An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::sharedptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.3.0"
}
],
"cpe": "cpe:2.3:a:usc:cereal:*:*:*:*:*:*:*:*"
}