OSV:GHSA-WP34-MQW5-JJ85
Aug 25, 2021 - 8:52 p.m.

Use after free in nano_arena

2021-08-25 20:52:00
Google
osv.dev
nano_arena
borrow<idx>
split arena
memory safety
use-after-frees
rust's aliasing rules
vulnerability
code correction
commit 6b83f9d

AI Score: 9.6 (Confidence: High)

EPSS: 0.005 (Percentile: 75.7%)

Affected versions of this crate assumed that Borrow<Idx> was guaranteed to return the same value on .borrow(). The borrowed index value was used to retrieve a mutable reference to a value.

If the Borrow<Idx> implementation returned a different index, the split arena would allow retrieving the index as a mutable reference, creating two mutable references to the same element. This violates Rust’s aliasing rules and allows for memory safety issues such as writing out of bounds and use-after-frees.

The flaw was corrected in commit 6b83f9d by storing the .borrow() value in a temporary variable.
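The repeated-.borrow() pattern described above and the temporary-variable fix, as an added example in safe Rust; this is a simplified model, not nano_arena's code. The names Flaky, slot_double_borrow and slot_single_borrow are hypothetical, and the functions return the slot index that would be lent out as a mutable reference instead of touching memory.

```rust
use std::borrow::Borrow;
use std::cell::Cell;

// Hypothetical index type: its Borrow impl answers `first` once, then `later`.
struct Flaky {
    calls: Cell<u32>,
    first: usize,
    later: usize,
}

impl Flaky {
    fn new(first: usize, later: usize) -> Self {
        Flaky { calls: Cell::new(0), first, later }
    }
}

impl Borrow<usize> for Flaky {
    fn borrow(&self) -> &usize {
        let n = self.calls.get();
        self.calls.set(n + 1);
        if n == 0 { &self.first } else { &self.later }
    }
}

// Flawed shape: the aliasing check and the lookup each call .borrow(),
// so they can see different indices. `selected` models the slot that is
// already lent out as &mut; the return value is the slot that would be
// lent out next (None = request refused).
fn slot_double_borrow<I: Borrow<usize>>(selected: usize, idx: &I) -> Option<usize> {
    if *idx.borrow() == selected {
        return None;
    }
    Some(*idx.borrow())
}

// Corrected shape: call .borrow() once, keep the value in a temporary,
// and use that same value for both the check and the lookup.
fn slot_single_borrow<I: Borrow<usize>>(selected: usize, idx: &I) -> Option<usize> {
    let i = *idx.borrow();
    if i == selected { None } else { Some(i) }
}

fn main() {
    // Constructed input: slot 2 is already lent out.
    println!("double: {:?}", slot_double_borrow(2, &Flaky::new(3, 2))); // Some(2)
    println!("single: {:?}", slot_single_borrow(2, &Flaky::new(3, 2))); // Some(3)
}
```

With a well-behaved index such as a plain usize both functions agree; they diverge only when the Borrow implementation is inconsistent between calls.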
