HistoryEdit

RUSTSEC-2018-0020

Possible use-after-free with proplist::Iterator

Issued
Package
libpulse-binding (crates.io)
Type
Vulnerability
Categories
Aliases
Details
https://github.com/advisories/GHSA-6gvc-4jvj-pwq4
CVSS Score
6.5 MEDIUM
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Patched
  • >=2.5.0
Unaffected
  • <1.0.5

Description

Affected versions contained a possible use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created. This made it possible for users, without experiencing a compiler error/warning, to destroy the Proplist object before the iterator, thus destroying the underlying C object the iterator works upon, before the iterator may be finished with it.

This impacts all versions of the crate before 2.5.0 back to 1.0.5. Before version 1.0.5 the function that produces the iterator was broken to the point of being useless.