HistoryEdit

RUSTSEC-2020-0017

Use after free in ArcIntern::drop

Issued
Package
internment (crates.io)
Type
Vulnerability
Categories
Aliases
Details
https://github.com/droundy/internment/issues/11
CVSS Score
8.1 HIGH
CVSS Details
Attack vector
Network
Attack complexity
High
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched
  • >=0.4.0
Unaffected
  • <0.3.12
Affected Functions
Version
internment::ArcIntern::drop
  • >=0.3.12

Description

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.