682 matches found
rio allows a use-after-free buffer access when a future is leaked
When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a...
PT-2019-16426
Name of the Vulnerable Software and Affected Versions http crate versions prior to 0.1.20 Description An issue was discovered in the http crate for Rust, where the HeaderMap::Drain API can use a raw pointer, defeating soundness. This introduced unsoundness in its public safe API, potentially...