GHSA-r45x-ghr2-qjxc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r45x-ghr2-qjxc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-r45x-ghr2-qjxc/GHSA-r45x-ghr2-qjxc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r45x-ghr2-qjxc
- Withdrawn
- 2022-06-23T17:29:03Z
- Published
- 2022-06-17T00:30:52Z
- Modified
- 2022-06-23T17:29:03Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
- Details
-
Duplicate Advisory
This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references.
Original Description
Affected versions of this crate did not implement
Dropwhen#[zeroize(drop)]was used on anenum.This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute.
The flaw was corrected in version 1.2 and
#[zeroize(drop)]onenums now properly implementsDrop. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-226" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-06-17T00:30:52Z" }- References
Affected packages
crates.io / zeroize_derive
Package
- Name
- zeroize_derive
- View open source insights on deps.dev
- Purl
- pkg:cargo/zeroize_derive