
RUSTSEC-2024-0021

Parts of Report are dropped as the wrong type during downcast

Package
eyre (crates.io)
Type
Vulnerability
Patched
  • >=0.6.12
Unaffected
  • <0.6.9
Affected Functions
  • eyre::Report::downcast: >=0.6.9, <0.6.12

Description

In affected versions, when a Report is constructed using wrap_err or wrap_err_with to attach a message of type D onto an error of type E, and downcast is then used to recover ownership of either the value of type D or the value of type E, one of two things can go wrong:

In both cases, when the Report contains an error E that has nontrivial drop behavior, the most likely outcome is memory corruption.

When the Report contains an error E that has trivial drop behavior (for example a Utf8Error) but where D has nontrivial drop behavior (such as String), the most likely outcome is that downcasting to E would leak D.
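As an added example, not part of this advisory or of the eyre project: a POSIX shell check that reads a Cargo.lock from standard input and flags any pinned eyre version that falls inside the affected range (>=0.6.9, <0.6.12), so a dependency tree can be audited before the fix in 0.6.12 is taken. The lock excerpt and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a Cargo.lock for an eyre version affected by
# RUSTSEC-2024-0021. Affected range per the advisory: >=0.6.9, <0.6.12.

# Print every version of the "eyre" package pinned in the Cargo.lock on stdin.
# Cargo.lock lists "name" before "version" inside each [[package]] block.
eyre_versions() {
    awk '
        /^\[\[package\]\]/ { name = "" }
        /^name = /         { gsub(/"/, "", $3); name = $3 }
        /^version = /      { gsub(/"/, "", $3); if (name == "eyre") print $3 }
    '
}

# Return 0 (true) when X.Y.Z lies in [0.6.9, 0.6.12), the affected range.
is_affected() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%-*}   # drop a pre-release suffix such as "9-beta"
    [ "$major" -eq 0 ] && [ "$minor" -eq 6 ] && \
        [ "$patch" -ge 9 ] && [ "$patch" -lt 12 ]
}

# Read a Cargo.lock on stdin; return 1 if an affected eyre version is present.
audit_lock() {
    rc=0
    for v in $(eyre_versions); do
        if is_affected "$v"; then
            echo "eyre $v is affected by RUSTSEC-2024-0021; upgrade to >=0.6.12"
            rc=1
        else
            echo "eyre $v is outside the affected range"
        fi
    done
    return $rc
}

# Constructed Cargo.lock excerpt (not taken from any real project).
SAMPLE_LOCK='[[package]]
name = "anyhow"
version = "1.0.80"

[[package]]
name = "eyre"
version = "0.6.11"'

if ! printf '%s\n' "$SAMPLE_LOCK" | audit_lock; then
    echo "action required: bump eyre (e.g. cargo update -p eyre)"
fi
```

Point the check at a real tree with `audit_lock < Cargo.lock`; it only inspects the pinned version, so run it after `cargo update` to confirm the fix landed.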

Advisory available under CC0-1.0 license.