RUSTSEC-2018-0021

Use-after-free with objects returned by Stream's get_format_info and get_context methods

Reported

June 15, 2018

Issued

October 25, 2020 (last modified: June 13, 2023)

Package

libpulse-binding (crates.io)

Type

Vulnerability

Categories

memory-corruption

Aliases

CVE-2018-25027
CVE-2018-25028
GHSA-ghpq-vjxw-ch5w
GHSA-hxjf-h2mh-r6hj
GHSA-jqpv-jm4m-86j9

References

https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w

Patched

>=1.2.1

Affected Functions

Version

libpulse_binding::stream::Stream::get_context

<1.2.1

libpulse_binding::stream::Stream::get_format_info

<1.2.1

Description

Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info and get_context methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.

Advisory available under CC0-1.0 license.