GHSA-qqmc-hwqp-8g2w – lru

Package

Manager: cargo
Name: lru
Vulnerable Version: >=0 <0.7.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Use after free in lru crate Lru crate has use after free vulnerability. Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop(), will remove and free the value, and but it's still possible to access the reference of value which is already dropped causing use after free.

Metadata

Created: 2022-06-17T00:11:13Z
Modified: 2022-06-17T00:11:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-qqmc-hwqp-8g2w/GHSA-qqmc-hwqp-8g2w.json
CWE IDs: []
Alternative ID: N/A
Finding: F067
Auto approve: 1