GHSA-96w3-p368-4h8c

Suggest an improvement
Source
https://github.com/advisories/GHSA-96w3-p368-4h8c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-96w3-p368-4h8c/GHSA-96w3-p368-4h8c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-96w3-p368-4h8c
Aliases
Published
2021-08-25T20:46:51Z
Modified
2023-11-08T04:03:36.887095Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Use after free in internment
Details

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-362"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:19:06Z"
}
References

Affected packages

crates.io / internment

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.3.12
Fixed
0.4.0

Ecosystem specific

{
    "affected_functions": [
        "internment::ArcIntern::drop"
    ]
}