RUSTSEC-2020-0047: array-queue: array_queue pop_back() may cause a use-after-free

Next: RUSTSEC-2020-0050: dync: VecCopy allows misaligned access to elements
Previous: RUSTSEC-2020-0043: ws: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

September 26, 2020

Description

array_queue implements a circular queue that wraps around an array. However, it fails to properly index into the array in the pop_back function allowing the reading of previously dropped or uninitialized memory.

More Info

https://github.com/raviqqe/array-queue/issues/2

Patched Versions

None!

Unaffected Versions

<0.3.0