RUSTSEC-2023-0005

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2023-0005

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0005.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2023-0005

Aliases

GHSA-4q83-7cq4-p6wg

Published

2023-01-11T12:00:00Z

Modified

2023-11-08T04:15:17.465753Z

Summary

`tokio::io::ReadHalf<T>::unsplit` is Unsound

Details

tokio::io::ReadHalf<T>::unsplit can violate the Pin contract

The soundness issue is described in the tokio/issues#5372

Specific set of conditions needed to trigger an issue (a !Unpin type in ReadHalf) is unusual, combined with the difficulty of making any arbitrary use-after-free exploitable in Rust without doing a lot of careful alignment of data types in the surrounding code.

The tokio feature io-util is also required to be enabled to trigger this soundness issue.

Thanks to zachs18 reporting the issue to Tokio team responsibly and taiki-e and carllerche appropriately responding and fixing the soundness bug.

Tokio before 0.2.0 used futures 0.1 that did not have Pin, so it is not affected by this issue.

References

Affected packages

crates.io / tokio

Package

Name: tokio; View open source insights on deps.dev
Purl: pkg:cargo/tokio

Affected ranges

Type: SEMVER
Events: Introduced

0.2.0

Fixed

1.18.5

Introduced

1.19.0

Fixed

1.20.4

Introduced

1.21.0

Fixed

1.24.2

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": [
        "memory-exposure"
    ]
}