GHSA-MPG5-FVWP-42M2 - Vulnerability-Lookup

GHSA-MPG5-FVWP-42M2

Vulnerability from github – Published: 2022-06-16 23:52 – Updated: 2022-06-16 23:52

Summary

Unsoundness in `dashmap` references

Details

Reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.

More information in dashmap#167 issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "dashmap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.0.0"
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-16T23:52:24Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Reference returned by some methods of `Ref` (and similar types) may outlive the `Ref` and escape the lock.\nThis causes undefined behavior and may result in a segfault.\n\nMore information in [`dashmap#167`](https://github.com/xacrimon/dashmap/issues/167) issue.\n",
  "id": "GHSA-mpg5-fvwp-42m2",
  "modified": "2022-06-16T23:52:24Z",
  "published": "2022-06-16T23:52:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xacrimon/dashmap/issues/167"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xacrimon/dashmap"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Unsoundness in `dashmap` references"
}

ghsa-mpg5-fvwp-42m2

Vulnerability from osv_rustsec

Published

2022-01-10 12:00

Modified

2023-06-13 13:10

Summary

Unsoundness in `dashmap` references

Details

Reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.

More information in dashmap#167 issue.

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "memory-exposure",
          "memory-corruption"
        ],
        "cvss": null,
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [
            "dashmap::mapref::multiple::RefMulti::key",
            "dashmap::mapref::multiple::RefMulti::pair",
            "dashmap::mapref::multiple::RefMulti::value",
            "dashmap::mapref::multiple::RefMutMulti::key",
            "dashmap::mapref::multiple::RefMutMulti::pair",
            "dashmap::mapref::multiple::RefMutMulti::pair_mut",
            "dashmap::mapref::one::Ref::key",
            "dashmap::mapref::one::Ref::pair",
            "dashmap::mapref::one::Ref::value",
            "dashmap::mapref::one::RefMut::key",
            "dashmap::mapref::one::RefMut::pair",
            "dashmap::mapref::one::RefMut::pair_mut",
            "dashmap::setref::multiple::RefMulti::key",
            "dashmap::setref::one::Ref::key"
          ],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "dashmap",
        "purl": "pkg:cargo/dashmap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "GHSA-mpg5-fvwp-42m2"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "Reference returned by some methods of `Ref` (and similar types) may outlive the `Ref` and escape the lock.\nThis causes undefined behavior and may result in a segfault.\n\nMore information in [`dashmap#167`](https://github.com/xacrimon/dashmap/issues/167) issue.",
  "id": "RUSTSEC-2022-0002",
  "modified": "2023-06-13T13:10:24Z",
  "published": "2022-01-10T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/dashmap"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0002.html"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/xacrimon/dashmap/issues/167"
    }
  ],
  "related": [],
  "severity": [],
  "summary": "Unsoundness in `dashmap` references"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.