RUSTSEC-2023-0048

Source
https://rustsec.org/advisories/RUSTSEC-2023-0048
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0048.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2023-0048
Published
2023-07-26T12:00:00Z
Modified
2023-11-08T04:19:27.824697Z
Summary
Unsoundness in `intern` methods on `intaglio` symbol interners
Details

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box.

Database specific
{
    "license": "CC0-1.0"
}

Affected packages

crates.io / intaglio

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
1.9.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "intaglio::SymbolTable::intern",
            "intaglio::bytes::SymbolTable::intern",
            "intaglio::cstr::SymbolTable::intern",
            "intaglio::osstr::SymbolTable::intern",
            "intaglio::path::SymbolTable::intern"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": []
}