Lucene search
RustsecRUSTSEC-2018-0020HistoryDec 22, 2018 - 12:00 p.m.
Possible use-after-free with `proplist::Iterator`
2018-12-2212:00:00
rustsec.org
9
0.001 Low
EPSS
Percentile
25.0%
Affected versions contained a possible use-after-free issue with property list iteration
due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the
Proplist object for which it was created. This made it possible for users, without
experiencing a compiler error/warning, to destroy the Proplist object before the iterator,
thus destroying the underlying C object the iterator works upon, before the iterator may be
finished with it.
This impacts all versions of the crate before 2.5.0 back to 1.0.5. Before version
1.0.5 the function that produces the iterator was broken to the point of being useless.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libpulse-binding | ge | 1.0.5 | |
| libpulse-binding | lt | 2.5.0 |
Related
cve
cve
CVE-2018-25001
2020-12-31 10:15:13
prion
prion
Design/Logic Flaw
2020-12-31 10:15:00
osv
osv
Use after free in libpulse-binding
2021-08-30 16:22:34
Possible use-after-free with `proplist::Iterator`
2018-12-22 12:00:00
CVE-2018-25001
2020-12-31 10:15:13
nvd
nvd
CVE-2018-25001
2020-12-31 10:15:13
cvelist
cvelist
CVE-2018-25001
2020-12-31 08:33:31
github
github
Use after free in libpulse-binding
2021-08-30 16:22:34