CVE-2018-25028: Use After Free in libpulse-binding
Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info and get_context methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.
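The ownership mistake described above, as an added example that is not code from libpulse-binding: it models the underlying C object with a liveness flag instead of real memory, so the flawed path can be observed safely. `CObject`, `Wrapper`, the `weak` field, `from_raw`, `from_raw_weak` and the `_flawed`/`_fixed` getter suffixes are hypothetical names chosen for illustration.

```rust
use std::cell::Cell;

// Constructed stand-in for a C object that the stream owns. A liveness flag
// replaces real memory so the flaw can be observed without undefined behaviour.
pub struct CObject { alive: Cell<bool> }

// Hypothetical wrapper type: `weak` marks a wrapper that does not own its target.
pub struct Wrapper<'a> { target: &'a CObject, weak: bool }

impl<'a> Wrapper<'a> {
    // Owning wrapper: destroys the C object when dropped.
    fn from_raw(target: &'a CObject) -> Self { Wrapper { target, weak: false } }
    // Non-owning wrapper: the flag suppresses destruction on drop.
    fn from_raw_weak(target: &'a CObject) -> Self { Wrapper { target, weak: true } }
    pub fn is_weak(&self) -> bool { self.weak }
}

impl Drop for Wrapper<'_> {
    fn drop(&mut self) {
        if !self.weak {
            self.target.alive.set(false); // models the C-side free/unref call
        }
    }
}

pub struct Stream { format_info: CObject }

impl Stream {
    pub fn new() -> Self { Stream { format_info: CObject { alive: Cell::new(true) } } }
    // Flawed pattern: the getter returns an owning wrapper for an object
    // the stream still uses.
    pub fn get_format_info_flawed(&self) -> Wrapper<'_> { Wrapper::from_raw(&self.format_info) }
    // Corrected pattern: the getter returns a weak wrapper.
    pub fn get_format_info_fixed(&self) -> Wrapper<'_> { Wrapper::from_raw_weak(&self.format_info) }
    pub fn format_info_alive(&self) -> bool { self.format_info.alive.get() }
}

// Returns whether the stream's object is still alive after a getter result is dropped.
pub fn alive_after_drop(flawed: bool) -> bool {
    let stream = Stream::new();
    let wrapper = if flawed { stream.get_format_info_flawed() } else { stream.get_format_info_fixed() };
    drop(wrapper);
    stream.format_info_alive()
}

fn main() {
    println!("flawed getter: alive = {}", alive_after_drop(true));
    println!("fixed getter:  alive = {}", alive_after_drop(false));
}
```

With the flawed getter the stream is left holding a destroyed object once the returned wrapper goes out of scope, which is the condition that becomes a use-after-free when the target is real C memory.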
References
- github.com/advisories/GHSA-jqpv-jm4m-86j9
- github.com/jnqnfe/pulse-binding-rust
- github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w
- nvd.nist.gov/vuln/detail/CVE-2018-25028
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-binding/RUSTSEC-2018-0021.md
- rustsec.org/advisories/RUSTSEC-2018-0021.html