HistoryEditJSON (OSV)

RUSTSEC-2020-0074

Reference counting error in From<Py<T>>

Reported
Issued
Package
pyo3 (crates.io)
Type
Vulnerability
Keywords
#memory-corruption
Aliases
References
CVSS Score
5.5 MEDIUM
CVSS Details
Attack vector
Local
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.12.4
Unaffected
  • <0.12.0

Description

A bug in From<Py<T>> would lead to an extra reference count decrement, often leading to use-after-free issues.

Advisory available under CC0-1.0 license.