mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
653 B
653 B
[advisory]
id = "RUSTSEC-2021-0011"
package = "fil-ocl"
aliases = ["CVE-2021-25908"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
date = "2021-01-04"
url = "https://github.com/cogciprocate/ocl/issues/194"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free"]
[versions]
patched = []
unaffected = ["< 0.12.0"]
EventList's From conversions can double drop on panic.
Affected versions of this crate read from a container using ptr::read in
From<EventList>, and then call a user specified Into<Event> function.
This issue can result in a double-free if the user provided function panics.