Skip to content

Use after free in lru crate

High severity GitHub Reviewed Published Jun 17, 2022 to the GitHub Advisory Database • Updated Jun 13, 2023

Package

cargo lru (Rust)

Affected versions

< 0.7.1

Patched versions

0.7.1

Description

Lru crate has use after free vulnerability.

Lru crate has two functions for getting an iterator. Both iterators give
references to key and value. Calling specific functions, like pop(), will remove
and free the value, and but it's still possible to access the reference of value
which is already dropped causing use after free.

References

Published to the GitHub Advisory Database Jun 17, 2022
Reviewed Jun 17, 2022
Last updated Jun 13, 2023

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-qqmc-hwqp-8g2w

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.