RUSTSEC-2020-0091

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0091

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0091.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0091

Aliases

Published

2020-12-10T12:00:00Z

Modified

2023-11-08T04:03:35.548248Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Dangling reference in `access::Map` with Constant

Details

Using the arc_swap::access::Map with the Constant test helper (or with user-provided implementation of the Access trait) could sometimes lead to the map returning dangling references.

Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on performance.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / arc-swap

Package

Name: arc-swap; View open source insights on deps.dev
Purl: pkg:cargo/arc-swap

Affected ranges

Type: SEMVER
Events: Introduced

0.4.2

Fixed

0.4.8

Introduced

1.0.0-0

Fixed

1.1.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "arc_swap::access::MapGuard::deref"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}