CVE-2020-11105: Release of Invalid Pointer or Reference
An issue was discovered in USC iLab cereal. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.
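
The failure mode described above, as an added example that is not cereal's code or part of the original advisory: a toy archive (hypothetical names ToyArchive, pool_make and run) tracks pointers by raw address, and a constructed two-slot pool stands in for the heap so that address reuse is deterministic. With pin set, the archive keeps a copy of each tracked std::shared_ptr so the address cannot be reused while it is still in the table; this mitigation is an assumption of the example, not a fix stated on the page.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Constructed two-slot pool standing in for the heap: a freed slot is
// handed out again first, so address reuse is deterministic here.
static int  g_store[2];
static bool g_used[2];
std::shared_ptr<int> pool_make(int v) {
    int i = g_used[0] ? 1 : 0;
    g_used[i] = true;
    g_store[i] = v;
    return std::shared_ptr<int>(&g_store[i], [i](int*) { g_used[i] = false; });
}

// Hypothetical toy archive (not cereal's API). First sight of an address
// emits "id=value"; any later sight emits only the back-reference "ref id".
struct ToyArchive {
    bool pin;                                         // hardened mode
    std::map<const void*, std::size_t> ids;           // raw address -> id
    std::vector<std::shared_ptr<const void>> pinned;  // keeps owners alive
    std::vector<std::string> out;
    explicit ToyArchive(bool pin_owners) : pin(pin_owners) {}

    void save(const std::shared_ptr<int>& p) {
        auto it = ids.find(p.get());
        if (it != ids.end()) {                        // address already tracked
            out.push_back("ref " + std::to_string(it->second));
            return;
        }
        std::size_t id = ids.size() + 1;
        ids[p.get()] = id;
        if (pin) pinned.push_back(p);                 // address cannot be reused
        out.push_back(std::to_string(id) + "=" + std::to_string(*p));
    }
};

// Serialize two unrelated, short-lived pointers through one archive.
std::vector<std::string> run(bool pin) {
    ToyArchive ar(pin);
    { auto a = pool_make(1); ar.save(a); }  // a is released here unless pinned
    { auto b = pool_make(2); ar.save(b); }  // unpinned: b lands on a's address
    return ar.out;
}
```

run(false) yields 1=1 followed by ref 1, so the second object's value 2 is never written and would deserialize as 1; run(true) yields 1=1 followed by 2=2.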