Giters

iotaledger / stronghold.rs

Stronghold is a secret management engine written in rust.

Home Page:https://wiki.iota.org/stronghold.rs/getting_started

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

RUSTSEC-2022-0040: Multiple soundness issues in `owning_ref`

github-actions opened this issue · comments

commented

Multiple soundness issues in owning_ref

Details
Package owning_ref
Version 0.4.1
URL https://github.com/noamtashma/owning-ref-unsoundness
Date 2022-01-26
  • OwningRef::map_with_owner is unsound and may result in a use-after-free.
  • OwningRef::map is unsound and may result in a use-after-free.
  • OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
  • The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM noalias attribute.

No patched versions are available at this time. While a pull request with some fixes is outstanding, the maintainer appears to be unresponsive.

See advisory page for additional details.

commented

was a problem in older libp2p dependency