CVE-2020-35874: Use after free in internment

August 25, 2021 (updated June 13, 2023)

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.

This was fixed by serializing access to an interned object while it is being deallocated.

Versions prior to 0.3.12 used stronger locking which avoided the problem.

References

github.com/advisories/GHSA-96w3-p368-4h8c
github.com/droundy/internment
github.com/droundy/internment/issues/11
nvd.nist.gov/vuln/detail/CVE-2020-35874
rustsec.org/advisories/RUSTSEC-2020-0017.html

Detect and mitigate CVE-2020-35874 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →