3 matches found
fac (>=0.5.2 <=0.5.3) potentially affected by CVE-2020-35874 via internment (=0.3.13)
internment CARGO version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on internment and may be impacted: - fac =0.5.2, =0.5.3 Source cves: CVE-2020-35874 Source advisory: OSV:GHSA-96W3-P368-4H8C...
CVE-2020-35874
CVE-2020-35874 relates to the Rust internment crate; ArcIntern::drop has a race that can lead to use-after-free. Affected: internment up to versions before 0.3.12. Impact: potential memory safety issue. Mitigation: upgrade to 0.3.12 or later, as the fix serializes access during deallocation. Othe...
fac (>=0.5.2 <=0.5.3) potentially affected by CVE-2020-35874 via internment (=0.3.13)
internment CARGO version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on internment and may be impacted: - fac =0.5.2, =0.5.3 Source cves: CVE-2020-35874 Source advisory: OSV:RUSTSEC-2020-0017...