rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
8c05fea5fa6e1776c015b855eebaa344d00e28a7
advisory-db/crates/arc-swap/RUSTSEC-2020-0091.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

829 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0091"
package = "arc-swap"
date = "2020-12-10"
url = "https://github.com/vorner/arc-swap/issues/45"
categories = ["memory-corruption"]
keywords = ["dangling reference"]
aliases = ["CVE-2020-35711"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

[versions]
patched = [">= 0.4.8, < 1.0.0-0", ">= 1.1.0"]
unaffected = ["< 0.4.2"]

[affected]
functions = { "arc_swap::access::MapGuard::deref" = ["< 1.1.0"] }

Dangling reference in access::Map with Constant

Using the arc_swap::access::Map with the Constant test helper (or with user-provided implementation of the Access trait) could sometimes lead to the map returning dangling references.

Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on performance.