RUSTSEC-2021-0011
EventList's From conversions can double drop on panic.
- Reported
- Issued
- Package
- fil-ocl (crates.io)
- Type
- Vulnerability
- Categories
- Keywords
- #memory-safety #double-free
- Aliases
- References
- CVSS Score
- 7.5 HIGH
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Patched
- no patched versions
- Unaffected
-
<0.12.0
Description
Affected versions of this crate read from a container using ptr::read
in
From<EventList>
, and then call a user specified Into<Event>
function.
This issue can result in a double-free if the user provided function panics.
Advisory available under CC0-1.0 license.