GHSA-r45x-ghr2-qjxc: Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

June 17, 2022 (updated June 23, 2022)

Duplicate Advisory

This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references.

Original Description

Affected versions of this crate did not implement Drop when #[zeroize(drop)] was used on an enum.

This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute.

The flaw was corrected in version 1.2 and #[zeroize(drop)] on enums now properly implements Drop.

References

github.com/advisories/GHSA-r45x-ghr2-qjxc
github.com/iqlusioninc/crates
github.com/iqlusioninc/crates/issues/876
rustsec.org/advisories/RUSTSEC-2021-0115.html

Code Behaviors & Features

Detect and mitigate GHSA-r45x-ghr2-qjxc with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →