RUSTSEC-2020-0032: alpm-rs: StrcCtx deallocates a memory region that it doesn't own

Next: RUSTSEC-2020-0033: alg_ds: Matrix::new() drops uninitialized memory
Previous: RUSTSEC-2020-0030: mozwire: Missing sanitazion in mozwire allows local file overwrite of files ending in .conf

August 20, 2020

Description

StrcCtx deallocate a memory region that it doesn’t own when StrcCtx is created without using StrcCtx::new. This can introduce memory safety issues such as double-free and use-after-free to client programs.

More Info

https://github.com/pigeonhands/rust-arch/issues/2

Patched Versions

None!