RUSTSEC-2018-0021
Use-after-free with objects returned by Stream
's get_format_info
and get_context
methods
- Reported
- Issued
- Package
- libpulse-binding (crates.io)
- Type
- Vulnerability
- Categories
- Aliases
- References
- Patched
-
>=1.2.1
- Affected Functions
- Version
libpulse_binding::stream::Stream::get_context
-
<1.2.1
libpulse_binding::stream::Stream::get_format_info
-
<1.2.1
Description
Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info
and get_context
methods of Stream
objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.
Advisory available under CC0-1.0 license.