RUSTSEC-2020-0017

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0017

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0017.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0017

Aliases

CVE-2020-35874
GHSA-96w3-p368-4h8c

Published

2020-05-28T12:00:00Z

Modified

2023-11-08T04:03:36.887095Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Use after free in ArcIntern::drop

Details

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / internment

Package

Name: internment; View open source insights on deps.dev
Purl: pkg:cargo/internment

Affected ranges

Type: SEMVER
Events: Introduced

0.3.12

Fixed

0.4.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "internment::ArcIntern::drop"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}