GHSA-rhfx-m35p-ff5j

Опубликовано: 07 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 2.7

Описание

IterMut violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer.

This invalidates the shared pointer held by the internal HashMap, violating Stacked Borrows rules.

Ссылки

https://github.com/jeromefroe/lru-rs/pull/224
https://rustsec.org/advisories/RUSTSEC-2026-0002.html

Пакеты

Наименование

lru

rust

Затронутые версииВерсия исправления

>= 0.9.0, < 0.16.3

0.16.3

2.7 Low

CVSS4

Дефекты

CWE-476

2.7 Low

CVSS4

Дефекты

CWE-476