Описание
Use-after-free in chttp
The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.
A fix was published in version 0.1.3.
Пакеты
Наименование
chttp
rust
Затронутые версииВерсия исправления
>= 0.1.1, < 0.1.3
0.1.3
Связанные уязвимости
CVSS3: 9.8
nvd
больше 6 лет назад
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.