RUSTSEC-2020-0146: arr! macro erases lifetimes

comit-network / comit-rs

Reference implementation of COMIT, an open protocol facilitating trustless cross-blockchain applications.

GNU General Public License v3.0

191 stars 33 forks source link

RUSTSEC-2020-0146: arr! macro erases lifetimes #3515

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

arr! macro erases lifetimes

Details
Package	`generic-array`
Version	`0.12.3`
URL	https://github.com/fizyk20/generic-array/issues/98
Date	2020-04-09
Patched versions	`>=0.14.0`
Unaffected versions	`<0.8.0`

Affected versions of this crate allowed unsoundly extending lifetimes using arr! macro. This may result in a variety of memory corruption scenarios, most likely use-after-free.

See advisory page for additional details.