GHSA-9c9f-7x9p-4wqp

Suggest an improvement
Source
https://github.com/advisories/GHSA-9c9f-7x9p-4wqp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-9c9f-7x9p-4wqp/GHSA-9c9f-7x9p-4wqp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9c9f-7x9p-4wqp
Aliases
Published
2022-06-17T00:16:11Z
Modified
2023-11-08T04:17:51.156433Z
Summary
A malicious coder can get unsound access to TCell or TLCell memory
Details

This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or a mutable reference and an immutable reference.

The fix is for the crate to internally force the marker type to be invariant. This blocks the conversion between covariant types which Rust normally allows.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T00:16:11Z"
}
References

Affected packages

crates.io / qcell

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.3