Headline
CVE-2018-25024
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.
```toml [advisory] id = “RUSTSEC-2018-0019” package = “actix-web” categories = [“memory-corruption”] date = “2018-06-08” url = “https://github.com/actix/actix-web/issues/289” [versions] patched = [“>= 0.7.15”] ``` # Multiple memory safety issues Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the `Send` marker trait to objects that cannot be safely sent between threads This may result in a variety of memory corruption scenarios, most likely use-after-free. A significant refactoring effort has been conducted to resolve these issues.