mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
14 lines
666 B
TOML
14 lines
666 B
TOML
[advisory]
|
|
id = "RUSTSEC-2020-0037"
|
|
package = "crayon"
|
|
date = "2020-08-31"
|
|
informational = "unsound"
|
|
title = "Misbehaving `HandleLike` implementation can lead to memory safety violation"
|
|
url = "https://github.com/shawnscode/crayon/issues/87"
|
|
description = """
|
|
Unsafe code in `ObjectPool` has time-of-check to time-of-use (TOCTOU) bug that can eventually lead to a memory safety violation. `ObjectPool` and `HandlePool` implicitly assumes that `HandleLike` trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since `HandleLike` is a safe, public trait that allows a custom implementation.
|
|
"""
|
|
|
|
[versions]
|
|
patched = []
|