
GHSA-vgmh-mqm4-8j88: pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints

March 24, 2025

Affected versions of this crate did not put sufficient lifetime constraints on the conversion functions from alloc::sync::Arc and alloc::rc::Rc, which made it possible to create projections of these reference counted pointers. Unlike the original reference counted pointers, these projections could outlive the lifetime of the original data.

This projected pointer could cause the original Arc’s or Rc’s Drop::drop to get called at a point where the original data was no longer valid, leading to a potential use after free.

The affected functions were:

  • pared::prc::Prc::from_rc
  • pared::prc::Prc::project
  • pared::prc::Prc::try_from_rc
  • pared::sync::Parc::from_arc
  • pared::sync::Parc::project
  • pared::sync::Parc::try_from_arc

References

  • github.com/advisories/GHSA-vgmh-mqm4-8j88
  • github.com/radekvit/pared
  • github.com/radekvit/pared/commit/108f540ea8acb6073751a1aa386085c1cdc4fd1e
  • github.com/radekvit/pared/issues/2
  • rustsec.org/advisories/RUSTSEC-2025-0016.html

Affected versions

All versions before 0.4.0

Fixed versions

  • 0.4.0

Solution

Upgrade to version 0.4.0 or above.
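The usual way to catch this in a Rust project is `cargo audit`, which reads the RustSec database (RUSTSEC-2025-0016 above). The following is an added example, not code from the advisory or from the pared project, showing the same check done by hand: it walks the `[[package]]` tables of a Cargo.lock and flags any `pared` entry below the fixed release 0.4.0. The lockfile contents embedded in the script are constructed for the demonstration and the package names in it are hypothetical.

```python
"""Check a Cargo.lock for pared versions affected by GHSA-vgmh-mqm4-8j88.

Added example; not part of the advisory or the pared crate. It parses the
`[[package]]` tables of a Cargo.lock and reports pared < 0.4.0.
"""
import re
from typing import Iterator, List, Tuple

ADVISORY = "GHSA-vgmh-mqm4-8j88"
AFFECTED_CRATE = "pared"
FIXED_VERSION = (0, 4, 0)  # from the advisory: fixed in 0.4.0

# Constructed sample lockfile for the demonstration (hypothetical app crate).
SAMPLE_CARGO_LOCK = """\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "my-app"
version = "0.1.0"
dependencies = [
 "pared",
]

[[package]]
name = "pared"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000000000000000000000000000000000000000000000000000000000000000"
"""

# Only the `name` and `version` keys of a package table matter here.
_KEY_RE = re.compile(r'^(name|version)\s*=\s*"([^"]*)"\s*$')


def parse_packages(lock_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (name, version) for every [[package]] table in a Cargo.lock."""
    name = version = None
    in_package = False
    for raw in lock_text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            if in_package and name and version:
                yield name, version
            name = version = None
            in_package = True
            continue
        if not in_package:
            continue  # skip the header (`version = 3`) before the first table
        m = _KEY_RE.match(line)
        if m:
            if m.group(1) == "name":
                name = m.group(2)
            else:
                version = m.group(2)
    if in_package and name and version:
        yield name, version


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric core of a semver string: '0.3.2' -> (0, 3, 2).

    Pre-release and build suffixes are dropped, so '0.4.0-alpha' compares as
    0.4.0; treat such versions with care, since semver orders them below 0.4.0.
    """
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split("."))


def is_affected(version: str) -> bool:
    """True for every pared version below the fixed release 0.4.0."""
    return parse_version(version) < FIXED_VERSION


def find_affected(lock_text: str) -> List[Tuple[str, str]]:
    """Return the (name, version) pairs in the lockfile that are affected."""
    return [(n, v) for n, v in parse_packages(lock_text)
            if n == AFFECTED_CRATE and is_affected(v)]


if __name__ == "__main__":
    hits = find_affected(SAMPLE_CARGO_LOCK)
    for name, version in hits:
        print(f"{ADVISORY}: {name} {version} is affected; upgrade to 0.4.0 or later")
    if not hits:
        print(f"{ADVISORY}: no affected {AFFECTED_CRATE} versions in lockfile")
```

A lockfile can legitimately contain several versions of the same crate when different dependencies pin different releases; the scan reports each affected entry separately, so every path that still resolves to a pre-0.4.0 pared shows up.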

Weakness

  • CWE-416: Use After Free

Source file

cargo/pared/GHSA-vgmh-mqm4-8j88.yml

Page generated Wed, 14 May 2025 12:14:55 +0000.