Skip to content
This repository has been archived by the owner on Dec 19, 2021. It is now read-only.

RUSTSEC-2020-0048: Use-after-free in BodyStream due to lack of pinning #46

Closed
github-actions bot opened this issue Sep 27, 2020 · 0 comments
Closed

RUSTSEC-2020-0048: Use-after-free in BodyStream due to lack of pinning #46

github-actions bot opened this issue Sep 27, 2020 · 0 comments

Comments

@github-actions
Copy link

Use-after-free in BodyStream due to lack of pinning

Details
Package actix-http
Version 1.0.1
URL actix/actix-web#1321
Date 2020-01-24
Patched versions >= 2.0.0-alpha.1

Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned,
but treated it as if it had a fixed location in memory. This may result in a use-after-free.

The flaw was corrected by making the trait MessageBody require Unpin
and making poll_next() function accept Pin<&mut Self> instead of &mut self.

See advisory page for additional details.
@ChriFo ChriFo closed this as completed in d90bbc6 Sep 27, 2020
ChriFo added a commit that referenced this issue Nov 22, 2020
@ChriFo
Update dependencies
8b6557f 
- Closes #46
- Closes #45
- Closes #43
ChriFo added a commit that referenced this issue Jan 22, 2021
@ChriFo
Update dependencies
fe4b387 
- Closes #46
- Closes #45
- Closes #43
ChriFo added a commit that referenced this issue Mar 26, 2021
@ChriFo
Update dependencies
7061e20 
- Closes #46
- Closes #45
- Closes #43
ChriFo added a commit that referenced this issue Mar 26, 2021
@ChriFo
Update dependencies
68df4ca 
- Closes #46
- Closes #45
- Closes #43
ChriFo added a commit that referenced this issue Apr 12, 2021
@ChriFo
Update dependencies
37e163b 
- Replace test server
- Closes #46
- Closes #45
- Closes #43
ChriFo added a commit that referenced this issue Apr 12, 2021
@ChriFo
Update dependencies
082265f 
- Replace test server
- Closes #46
- Closes #45
- Closes #43
ChriFo added a commit that referenced this issue Oct 5, 2021
@ChriFo
Update dependencies
7f2afc7 
- Replace test server
- Closes #46
- Closes #45
- Closes #43
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants