CVE-2020-35874 – internment

Package

Manager: cargo
Name: internment
Vulnerable Version: >=0.3.12 <0.4.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00394 pctl0.59523

Details

Use after free in internment ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory. This was fixed by serializing access to an interned object while it is being deallocated. Versions prior to 0.3.12 used stronger locking which avoided the problem.

Metadata

Created: 2021-08-25T20:46:51Z
Modified: 2023-06-13T18:17:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-96w3-p368-4h8c/GHSA-96w3-p368-4h8c.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-96w3-p368-4h8c
Finding: F124
Auto approve: 1