RUSTSEC-2020-0045

bespoke Cell implementation allows obtaining several mutable references to the same data

Reported

January 8, 2020

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

actix-utils (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Aliases

References

https://github.com/actix/actix-net/issues/160

CVSS Score

9.1 CRITICAL

CVSS Details

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Patched

>=2.0.0

Description

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data.

This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free.

The flaw was corrected by switching from a bespoke Cell<T> implementation to Rc<RefCell<T>>.

Advisory available under CC0-1.0 license.