HistoryEditJSON (OSV)

RUSTSEC-2021-0115

#[zeroize(drop)] doesn't implement Drop for enums

Reported
Issued
Package
zeroize_derive (crates.io)
Type
Vulnerability
Aliases
References
Patched
  • >=1.1.1

Description

Affected versions of this crate did not implement Drop when #[zeroize(drop)] was used on an enum.

This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute.

The flaw was corrected in version 1.2 and #[zeroize(drop)] on enums now properly implements Drop.

Advisory available under CC0-1.0 license.