CVE-2020-35874

HIGH8.1EPSS 0.39%

Use after free in ArcIntern::drop

Published: 8/25/2021Modified: 11/8/2023

Also known as:GHSA-96w3-p368-4h8cRUSTSEC-2020-0017

Description

`ArcIntern::drop` has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory. This was fixed by serializing access to an interned object while it is being deallocated. Versions prior to 0.3.12 used stronger locking which avoided the problem.

Affected packages (2)

crates.io/internment>= 0.3.12, < 0.4.0
crates.io/internment>= 0.3.12, < 0.4.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-35874
PATCHhttps://crates.io/crates/internment
PATCHhttps://github.com/droundy/internment
WEBhttps://github.com/droundy/internment/issues/11
WEBhttps://rustsec.org/advisories/RUSTSEC-2020-0017.html