RUSTSEC-2019-0022

Stream callback function is not unwind safe

Reported

September 14, 2019

Issued

October 2, 2020 (last modified: October 19, 2021)

Package

portaudio-rs (crates.io)

Type

Vulnerability

Categories

Keywords

#audio #ffi

Aliases

CVE-2019-16881

Details

https://github.com/mvdnes/portaudio-rs/issues/20

CVSS Score

9.8 CRITICAL

CVSS Details

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

>0.3.1

Description

Affected versions of this crate is not panic safe within callback functions stream_callback and stream_finished_callback.

The call to user-provided closure might panic before a mem::forget call, which then causes a use after free that grants attacker to control the callback function pointer.

This allows an attacker to construct an arbitrary code execution .

The flaw was reported by Phosphorus15.