Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:RUSTSEC-2021-0031
HistoryJan 31, 2021 - 12:00 p.m.

split_at allows obtaining multiple mutable references to the same data

2021-01-3112:00:00
Google
osv.dev
9

0.004 Low

EPSS

Percentile

74.9%

JSON

Affected versions of this crate assumed that Borrow<Idx> was guaranteed to
return the same value on .borrow(). The borrowed index value was used to
retrieve a mutable reference to a value.

If the Borrow<Idx> implementation returned a different index, the split arena
would allow retrieving the index as a mutable reference creating two mutable
references to the same element. This violates Rust’s aliasing rules and allows
for memory safety issues such as writing out of bounds and use-after-frees.

The flaw was corrected in commit 6b83f9d by storing the .borrow() value in
a temporary variable.

CPENameOperatorVersion
nano_arenalt0.5.2

Related

github 1
prion 1
cvelist 1
nvd 1
rustsec 1
cve 1
osv 1
github
github
Use after free in nano_arena
2021-08-25 20:52:00
prion
prion
Out-of-bounds
2021-03-05 09:15:00
cvelist
cvelist
CVE-2021-28032
2021-03-05 08:40:02
nvd
nvd
CVE-2021-28032
2021-03-05 09:15:14
rustsec
rustsec
split_at allows obtaining multiple mutable references to the same data
2021-01-31 12:00:00
cve
cve
CVE-2021-28032
2021-03-05 09:15:14
osv
osv
Use after free in nano_arena
2021-08-25 20:52:00

0.004 Low

EPSS

Percentile

74.9%

JSON
Related for OSV:RUSTSEC-2021-0031
github1prion1cvelist1nvd1rustsec1cve1osv1