GHSA-96w3-p368-4h8c

Source

https://github.com/advisories/GHSA-96w3-p368-4h8c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-96w3-p368-4h8c/GHSA-96w3-p368-4h8c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-96w3-p368-4h8c

Aliases

CVE-2020-35874
RUSTSEC-2020-0017

Published

2021-08-25T20:46:51Z

Modified

2023-11-08T04:03:36.887095Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Use after free in internment

Details

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-362"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:19:06Z"
}

References

Affected packages

crates.io / internment

Package

Name: internment; View open source insights on deps.dev
Purl: pkg:cargo/internment

Affected ranges

Type: SEMVER
Events: Introduced

0.3.12

Fixed

0.4.0

Ecosystem specific

{
    "affected_functions": [
        "internment::ArcIntern::drop"
    ]
}