RUSTSEC-2018-0021

Use-after-free with objects returned by Stream's get_format_info and get_context methods

Issued
Package
libpulse-binding (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
  • GHSA-ghpq-vjxw-ch5w
Details
https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w
Patched
  • >=1.2.1
Affected Functions
Version
libpulse_binding::stream::Stream::get_context
  • <1.2.1
libpulse_binding::stream::Stream::get_format_info
  • <1.2.1

Description

Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info and get_context methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.

More