RUSTSEC-2021-0130: Use after free in lru crate


> Use after free in lru crate

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `lru`                      |
| Version             | `0.6.6`                   |
| URL                 | [https://github.com/jeromefroe/lru-rs/issues/120](https://github.com/jeromefroe/lru-rs/issues/120) |
| Date                | 2021-12-21                         |
| Patched versions    | `>=0.7.1`                  |

Lru crate has use after free vulnerability.

Lru crate has two functions for getting an iterator. Both iterators give
references to key and value. Calling specific functions, like pop(), will remove
and free the value, and but it&#39;s still possible to access the reference of value
which is already dropped causing use after free.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2021-0130.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

RUSTSEC-2021-0130: Use after free in lru crate #7

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`lru`
Version	`0.6.6`
URL	jeromefroe/lru-rs#120
Date	2021-12-21
Patched versions	`>=0.7.1`

Uh oh!

RUSTSEC-2021-0130: Use after free in lru crate #7

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions