#1061577 rust-io: RUSTSEC-2020-0021: CVE-2020-35876: use-after-free buffer access when a future is leaked #1061577
- Package:
- src:rust-rio
- Source:
- src:rust-rio
- Submitter:
- Alexander Kjäll
- Date:
- 2024-01-27 08:42:03 UTC
- Severity:
- normal
- Tags:
Dear Maintainer, https://rustsec.org/advisories/RUSTSEC-2020-0021.html Description When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a use-after-free, data races or leaking secrets.