HistoryEdit

RUSTSEC-2020-0091

Dangling reference in access::Map with Constant

Issued
Package
arc-swap (crates.io)
Type
Vulnerability
Categories
Keywords
#dangling-reference
Aliases
Details
https://github.com/vorner/arc-swap/issues/45
CVSS Score
7.5 HIGH
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.4.8, <1.0.0-0
  • >=1.1.0
Unaffected
  • <0.4.2
Keywords
#dangling-reference
Affected Functions
Version
arc_swap::access::MapGuard::deref
  • <1.1.0

Description

Using the arc_swap::access::Map with the Constant test helper (or with user-provided implementation of the Access trait) could sometimes lead to the map returning dangling references.

Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on performance.