Issued

December 10, 2020

Package

arc-swap (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Aliases

• CVE-2020-35711

Details

https://github.com/vorner/arc-swap/issues/45

Patched

• >=0.4.8, <1.0.0-0
• >=1.1.0

Unaffected

• <0.4.2

Keywords

• dangling reference

Affected Functions

Version

arc_swap::access::MapGuard::deref

• <1.1.0

Description

Using the arc_swap::access::Map with the Constant test helper (or with user-provided implementation of the Access trait) could sometimes lead to the map returning dangling references.

Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on performance.

More

• Advisory History
• Edit Advisory