Affected versions of this crate is not panic safe within callback functions streamcallback and streamfinished_callback. The call to user-provided closure might panic before a mem::forget call, which then causes a use after free that grants attacker to control the callback function pointer. This allows an attacker to construct an arbitrary code execution .
{ "nvd_published_at": null, "cwe_ids": [ "CWE-416" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:21:17Z" }