RUSTSEC-2021-0115
#[zeroize(drop)] doesn't implement Drop for enums
- Reported
- Issued
- Package
- zeroize_derive (crates.io)
- Type
- Vulnerability
- Aliases
- References
- Patched
-
>=1.1.1
Description
Affected versions of this crate did not implement Drop when #[zeroize(drop)] was used on an enum.
This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute.
The flaw was corrected in version 1.2 and #[zeroize(drop)] on enums now properly implements Drop.
Advisory available under CC0-1.0 license.