RUSTSEC-2021-0011

EventList's From conversions can double drop on panic.

Issued
Package
fil-ocl (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://github.com/cogciprocate/ocl/issues/194
Patched
no patched versions
Unaffected
  • <0.12.0
Keywords
  • memory-safety
  • double-free

Description

Affected versions of this crate read from a container using ptr::read in From<EventList>, and then call a user specified Into<Event> function.

This issue can result in a double-free if the user provided function panics.

More