RUSTSEC-2020-0091

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2020-0091
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0091.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0091
Aliases
Published
2020-12-10T12:00:00Z
Modified
2023-11-08T04:03:35.548248Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Dangling reference in `access::Map` with Constant
Details

Using the arc_swap::access::Map with the Constant test helper (or with user-provided implementation of the Access trait) could sometimes lead to the map returning dangling references.

Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on performance.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / arc-swap

Package

Name
arc-swap
View open source insights on deps.dev
Purl
pkg:cargo/arc-swap

Affected ranges

Type
SEMVER
Events
Introduced
0.4.2
Fixed
0.4.8
Introduced
1.0.0-0
Fixed
1.1.0

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "functions": [
            "arc_swap::access::MapGuard::deref"
        ],
        "os": [],
        "arch": []
    }
}

Database specific

cvss

"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

informational

null

categories

[
    "memory-corruption"
]