Headline
GHSA-qqmc-hwqp-8g2w: Use after free in lru crate
Lru crate has use after free vulnerability.
Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop(), will remove and free the value, and but it’s still possible to access the reference of value which is already dropped causing use after free.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-qqmc-hwqp-8g2w
Use after free in lru crate
High severity GitHub Reviewed Published Jun 17, 2022
Vulnerability details Dependabot alerts 0
Package
cargo lru (Rust)
Affected versions
< 0.7.1
Patched versions
0.7.1
Description
Lru crate has use after free vulnerability.
Lru crate has two functions for getting an iterator. Both iterators give
references to key and value. Calling specific functions, like pop(), will remove
and free the value, and but it’s still possible to access the reference of value
which is already dropped causing use after free.
References
- jeromefroe/lru-rs#120
- https://rustsec.org/advisories/RUSTSEC-2021-0130.html
Severity
High
Weaknesses
No CWEs
CVE ID
No known CVE
GHSA ID
GHSA-qqmc-hwqp-8g2w
Source code
jeromefroe/lru-rs
See something to contribute? Suggest improvements for this vulnerability.