RUSTSEC-2020-0049

Use-after-free in Framed due to lack of pinning

Issued:
Package: actix-codec (crates.io)
Type: Vulnerability
Categories:
  • memory-corruption
Aliases:
Details: https://github.com/actix/actix-net/issues/91
Patched:
  • >=0.3.0-beta.1

Description

Affected versions of this crate did not require the buffer wrapped in Framed to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free.

The flaw was corrected by making the affected functions accept Pin<&mut Self> instead of &mut self.
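
The sketch below is an added example, not code from actix-codec. It shows the corrected API shape on a small self-referential value: methods take Pin<&mut Self>, so a caller cannot move the value between calls. SelfRefBuf, Wrapper, arm, first, inner_pin and demo are hypothetical names.

```rust
use std::marker::PhantomPinned;
use std::pin::Pin;

// Hypothetical address-sensitive value: once armed, `cursor` points into `buf`.
struct SelfRefBuf {
    buf: [u8; 4],
    cursor: *const u8,
    _pin: PhantomPinned, // makes the type !Unpin, so a Pin forbids moving it
}

impl SelfRefBuf {
    fn new(buf: [u8; 4]) -> Self {
        SelfRefBuf { buf, cursor: std::ptr::null(), _pin: PhantomPinned }
    }
    // Pin<&mut Self> is the caller's guarantee that `self` stays at this address.
    fn arm(self: Pin<&mut Self>) {
        // SAFETY: only a field is written; nothing is moved out of `self`.
        let this = unsafe { self.get_unchecked_mut() };
        this.cursor = this.buf.as_ptr();
    }
    fn first(self: Pin<&mut Self>) -> u8 {
        assert!(!self.cursor.is_null(), "arm() must run first");
        // SAFETY: `cursor` was set while pinned, so `buf` is still where it points.
        unsafe { *self.cursor }
    }
}

// Hypothetical wrapper standing in for a framing type that owns such a value.
struct Wrapper<T> { inner: T }

impl<T> Wrapper<T> {
    // With `&mut self` here, a caller could move the wrapper between calls and
    // leave `cursor` dangling. Pin<&mut Self> carries the no-move guarantee down.
    fn inner_pin(self: Pin<&mut Self>) -> Pin<&mut T> {
        // SAFETY: `inner` is never moved out of a pinned Wrapper (structural pinning).
        unsafe { self.map_unchecked_mut(|w| &mut w.inner) }
    }
}

fn demo() -> u8 {
    let mut w = Box::pin(Wrapper { inner: SelfRefBuf::new([7, 8, 9, 10]) });
    w.as_mut().inner_pin().arm();
    // `std::mem::swap(&mut *w, ...)` is rejected: Pin<Box<T>> is DerefMut only if T: Unpin.
    w.as_mut().inner_pin().first()
}

fn main() {
    println!("first byte read through the pinned cursor: {}", demo());
}
```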
