GHSA-gch5-hwqf-mxhp

Source
https://github.com/advisories/GHSA-gch5-hwqf-mxhp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-gch5-hwqf-mxhp/GHSA-gch5-hwqf-mxhp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gch5-hwqf-mxhp
Aliases
Published
2023-07-27T19:29:41Z
Modified
2023-11-08T04:19:27.824697Z
Summary
Unsoundness in `intern` methods on `intaglio` symbol interners
Details

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-27T19:29:41Z"
}
References

Affected packages

crates.io / intaglio

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.0

Ecosystem specific

{
    "affected_functions": [
        "intaglio::SymbolTable::intern",
        "intaglio::bytes::SymbolTable::intern",
        "intaglio::cstr::SymbolTable::intern",
        "intaglio::osstr::SymbolTable::intern",
        "intaglio::path::SymbolTable::intern"
    ]
}