HistoryEdit

RUSTSEC-2020-0045

bespoke Cell implementation allows obtaining several mutable references to the same data

Issued
Package
actix-utils (crates.io)
Type
INFO Unsound
Categories
Aliases
Details
https://github.com/actix/actix-net/issues/160
CVSS Score
9.1 CRITICAL
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Patched
  • >=2.0.0

Description

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data.

This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free.

The flaw was corrected by switching from a bespoke Cell<T> implementation to Rc<RefCell<T>>.