RUSTSEC-2020-0017

Use after free in ArcIntern::drop

Issued
Package
internment (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://github.com/droundy/internment/issues/11
Patched
  • >=0.4.0
Unaffected
  • <0.3.12
Affected Functions
Version
internment::ArcIntern::drop
  • >=0.3.12

Description

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.

More