RUSTSEC-2020-0037
Aug 31, 2020 - 12:00 p.m.

Misbehaving `HandleLike` implementation can lead to memory safety violation

2020-08-31 12:00:00
rustsec.org
handlelike
memory safety
objectpool
toctou bug
handlepool
unsafe code

EPSS: 0.002
Percentile: 60.7%

Unsafe code in `ObjectPool` has a time-of-check to time-of-use (TOCTOU) bug that
can eventually lead to a memory safety violation. `ObjectPool` and `HandlePool`
implicitly assume that `HandleLike` trait methods are pure, i.e., that they always
return the same value. However, this assumption is unsound because `HandleLike`
is a safe, public trait that allows custom implementations.
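
The double-read pattern the advisory describes, as an added example that is not code from the affected crate: `HandleLike` here is a simplified one-method stand-in, and `Flaky`, `Pool`, `get_double_read` and `get_single_read` are hypothetical names. Checked indexing is used throughout, so the mismatch between the checked and the used value shows up as `None` rather than as an out-of-bounds access.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

// Simplified stand-in for a safe, public handle trait (assumed shape).
pub trait HandleLike {
    fn index(&self) -> usize;
}

// Constructed impure implementation: every call returns a different value.
pub struct Flaky(pub AtomicUsize);

impl HandleLike for Flaky {
    fn index(&self) -> usize {
        // Returns the current value, then moves it 1000 further for the next call.
        self.0.fetch_add(1000, Ordering::Relaxed)
    }
}

pub struct Pool<T> {
    pub slots: Vec<T>,
}

impl<T> Pool<T> {
    // TOCTOU shape: index() is called once for the check and again for the use.
    // `get` keeps this safe; unchecked access here would trust the second value.
    pub fn get_double_read<H: HandleLike>(&self, h: &H) -> Option<&T> {
        if h.index() < self.slots.len() {
            self.slots.get(h.index())
        } else {
            None
        }
    }

    // Hardened shape: call index() once, then check and use that same value.
    pub fn get_single_read<H: HandleLike>(&self, h: &H) -> Option<&T> {
        let i = h.index();
        self.slots.get(i)
    }
}

fn main() {
    let pool = Pool { slots: vec!["a", "b", "c", "d"] };
    // The check sees 1 (in range), the use sees 1001 (out of range).
    println!("{:?}", pool.get_double_read(&Flaky(AtomicUsize::new(1))));
    // One read: the value that was checked is the value that is used.
    println!("{:?}", pool.get_single_read(&Flaky(AtomicUsize::new(1))));
}
```

When reviewing `unsafe` code that is generic over a safe trait, treat every trait method call as returning an arbitrary value and validate the exact value that is later used.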
