RUSTSEC-2020-0074
Reference counting error in From<Py<T>>
- Reported
- Issued
- Package
- pyo3 (crates.io)
- Type
- Vulnerability
- Keywords
- #memory-corruption
- Aliases
- References
- CVSS Score
- 5.5 MEDIUM
- CVSS Details
-
- Attack vector
- Local
- Attack complexity
- Low
- Privileges required
- Low
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Patched
-
>=0.12.4
- Unaffected
-
<0.12.0
Description
A bug in From<Py<T>> would lead to an extra reference count decrement, often
leading to use-after-free issues.
Advisory available under CC0-1.0 license.