CVE-2018-25001: Use after free in libpulse-binding

August 30, 2021 (updated February 12, 2024)

An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free.

References

github.com/advisories/GHSA-6gvc-4jvj-pwq4
github.com/jnqnfe/pulse-binding-rust
nvd.nist.gov/vuln/detail/CVE-2018-25001
rustsec.org/advisories/RUSTSEC-2018-0020.html

Detect and mitigate CVE-2018-25001 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →