HistoryEdit

RUSTSEC-2021-0115

#[zeroize(drop)] doesn't implement Drop for enums

Issued
Package
zeroize_derive (crates.io)
Type
Vulnerability
Details
https://github.com/iqlusioninc/crates/issues/876
Patched
  • >=1.1.1

Description

Affected versions of this crate did not implement Drop when #[zeroize(drop)] was used on an enum.

This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute.

The flaw was corrected in version 1.2 and #[zeroize(drop)] on enums now properly implements Drop.