Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
- OwningRef::map_with_owner is unsound and may result in a use-after-free.
- OwningRef::map is unsound and may result in a use-after-free.
- OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
- The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM noalias attribute.
No patched versions are available at this time. While a pull request with some fixes is outstanding, the maintainer appears to be unresponsive.
Permalink: https://github.com/advisories/GHSA-9qxh-258v-666c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
Identifiers: GHSA-9qxh-258v-666c
References:
- https://github.com/noamtashma/owning-ref-unsoundness
- https://rustsec.org/advisories/RUSTSEC-2022-0040.html
- https://github.com/advisories/GHSA-9qxh-258v-666c
Blast Radius: 0.0
Affected Packages
cargo:owning_ref
Dependent packages: 98
Dependent repositories: 7,077
Downloads: 16,915,149 total
Affected Version Ranges: <= 0.4.1
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1