Описание
Use after free in internment
ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.
This was fixed by serializing access to an interned object while it is being deallocated.
Versions prior to 0.3.12 used stronger locking which avoided the problem.
Пакеты
Наименование
internment
rust
Затронутые версииВерсия исправления
>= 0.3.12, < 0.4.0
0.4.0
Связанные уязвимости
CVSS3: 8.1
nvd
около 5 лет назад
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.