RUSTSEC-2019-0016

Use-after-free in buffer conversion implementation

Issued
Package
chttp (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/sagebind/isahc/issues/2
Patched
  • >=0.1.3
Unaffected
  • <0.1.1
Keywords
  • memory-management
  • memory-corruption

Description

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.

A fix was published in version 0.1.3.
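The bug class described above, as an added example rather than chttp's own code: `Buffer` here is a hypothetical type that owns a heap allocation through raw parts and frees it in `Drop`. The unsound conversion is shown for comparison and never called; the sound one suppresses the buffer's destructor so ownership of the allocation moves to the returned vector.

```rust
use std::mem::ManuallyDrop;

// Hypothetical buffer type (an assumption, not chttp's): owns a heap
// allocation through raw parts and frees it when dropped.
pub struct Buffer { ptr: *mut u8, len: usize, cap: usize }

impl Buffer {
    pub fn from_slice(data: &[u8]) -> Self {
        // Hand the Vec's allocation to Buffer without freeing it.
        let mut v = ManuallyDrop::new(data.to_vec());
        Buffer { ptr: v.as_mut_ptr(), len: v.len(), cap: v.capacity() }
    }
}

impl Drop for Buffer {
    fn drop(&mut self) {
        // Rebuild the Vec so the allocation is released exactly once.
        unsafe { drop(Vec::from_raw_parts(self.ptr, self.len, self.cap)) }
    }
}

// UNSOUND shape, kept for comparison and never called: `buf` is dropped when
// this function returns, so the returned Vec points at freed memory and will
// free it a second time when it is dropped itself.
#[allow(dead_code)]
fn into_vec_unsound(buf: Buffer) -> Vec<u8> {
    unsafe { Vec::from_raw_parts(buf.ptr, buf.len, buf.cap) }
}

// Sound conversion: ManuallyDrop suppresses Buffer::drop, so the allocation
// has exactly one owner (the returned Vec) at every point.
impl From<Buffer> for Vec<u8> {
    fn from(buf: Buffer) -> Vec<u8> {
        let buf = ManuallyDrop::new(buf);
        unsafe { Vec::from_raw_parts(buf.ptr, buf.len, buf.cap) }
    }
}

// Converts constructed sample bytes through Buffer and back.
pub fn round_trip(data: &[u8]) -> Vec<u8> {
    Vec::from(Buffer::from_slice(data))
}

fn main() {
    // Constructed sample input.
    println!("{:?}", round_trip(b"constructed sample"));
}
```

Running a suspect conversion under Miri or AddressSanitizer reports the unsound shape as a use-after-free or double free, which makes either tool a useful regression check for `unsafe` conversions like this one.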
