
RUSTSEC-2022-0002

Unsoundness in dashmap references

Reported
Issued
Package
dashmap (crates.io)
Type
Vulnerability
Categories
Keywords
#segfault #use-after-free
Aliases
References
Patched
  • >=5.1.0
Unaffected
  • <5.0.0
Affected Functions
Version
dashmap::mapref::multiple::RefMulti::key
  • >=5.0.0
dashmap::mapref::multiple::RefMulti::pair
  • >=5.0.0
dashmap::mapref::multiple::RefMulti::value
  • >=5.0.0
dashmap::mapref::multiple::RefMutMulti::key
  • >=5.0.0
dashmap::mapref::multiple::RefMutMulti::pair
  • >=5.0.0
dashmap::mapref::multiple::RefMutMulti::pair_mut
  • >=5.0.0
dashmap::mapref::one::Ref::key
  • >=5.0.0
dashmap::mapref::one::Ref::pair
  • >=5.0.0
dashmap::mapref::one::Ref::value
  • >=5.0.0
dashmap::mapref::one::RefMut::key
  • >=5.0.0
dashmap::mapref::one::RefMut::pair
  • >=5.0.0
dashmap::mapref::one::RefMut::pair_mut
  • >=5.0.0
dashmap::setref::multiple::RefMulti::key
  • >=5.0.0
dashmap::setref::one::Ref::key
  • >=5.0.0

Description

References returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.

More information is available in issue dashmap#167.
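
The bug class described above, as an added illustration that is not code from the advisory or from dashmap: a hypothetical `Guard` type over `std::sync::RwLock`, with an accessor whose result can outlive the guard beside one whose result cannot. The names `Guard`, `value_unsound`, `escape_demo` and `sound_demo` are assumptions made for this example.

```rust
use std::sync::{RwLock, RwLockReadGuard};

/// Hypothetical miniature of a map guard (not dashmap's code): it keeps the
/// read lock held and stores a raw pointer to the locked value.
pub struct Guard<'a, V> {
    _lock: RwLockReadGuard<'a, V>,
    v: *const V,
}

impl<'a, V> Guard<'a, V> {
    pub fn new(lock: &'a RwLock<V>) -> Self {
        let held = lock.read().unwrap();
        let v: *const V = &*held;
        Guard { _lock: held, v }
    }
    /// Unsound shape: the result borrows for 'a (the container), so it can
    /// outlive the guard that is holding the lock.
    pub fn value_unsound(&self) -> &'a V {
        unsafe { &*self.v }
    }
    /// Sound shape: the result borrows from `&self`, so it cannot outlive the guard.
    pub fn value(&self) -> &V {
        unsafe { &*self.v }
    }
}

/// Returns (writer_can_lock, value_read_through_escaped_reference).
pub fn escape_demo() -> (bool, u32) {
    let lock = RwLock::new(7u32);
    let escaped: &u32 = {
        let guard = Guard::new(&lock);
        let r = guard.value_unsound(); // with `guard.value()` this is error E0597
        r
    }; // guard dropped: the read lock is released, yet `escaped` is still usable
    // A writer could now mutate or free the value behind `escaped`.
    let writer_can_lock = lock.try_write().is_ok();
    (writer_can_lock, *escaped) // no write happened in this run, so the read is valid
}

/// Returns (writer_is_blocked, value) when the sound accessor is used.
pub fn sound_demo() -> (bool, u32) {
    let lock = RwLock::new(7u32);
    let guard = Guard::new(&lock);
    let v = *guard.value();
    let writer_is_blocked = lock.try_write().is_err(); // guard still holds the lock
    (writer_is_blocked, v)
}

fn main() {
    println!("unsound: {:?}, sound: {:?}", escape_demo(), sound_demo());
}
```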

Advisory available under CC0-1.0 license.