Uninitialized Memory Exposure Affecting dashmap package, versions <5.1.0


Snyk CVSS: 0.0 (medium)

  • Attack Complexity: Low

  • Snyk ID SNYK-RUST-DASHMAP-2395477
  • published 7 Feb 2022
  • disclosed 10 Jan 2022
  • credit ray-kast

Introduced: 10 Jan 2022

CVE: not available. CWE: CWE-201

How to fix?

Upgrade dashmap to version 5.1.0 or higher.

Overview

dashmap provides DashMap, which tries to implement an easy-to-use API similar to std::collections::HashMap with some slight changes to handle concurrency.

DashMap tries to be very simple to use and to be a direct replacement for RwLock<HashMap<K, V>>. To accomplish these goals, all methods take &self instead of modifying methods taking &mut self. This allows you to put a DashMap in an Arc and share it between threads while still being able to modify it.

Affected versions of this package are vulnerable to Uninitialized Memory Exposure: the reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.
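The lifetime problem described above, as an added example that is not code from dashmap or from this advisory. It is a toy model built on std::sync::RwLock; `Slot`, `value_escaping` and `read_then_replace` are hypothetical names, and the unsound signature is an assumed shape for the bug, shown only for comparison with the sound one.

```rust
use std::sync::{RwLock, RwLockReadGuard};

/// Toy one-entry map: the value sits behind a lock, like one DashMap shard.
pub struct Slot<V>(RwLock<Box<V>>);

/// Toy read guard: keeps the read lock and a raw pointer to the value.
pub struct Ref<'a, V> {
    _guard: RwLockReadGuard<'a, Box<V>>,
    v: *const V,
}

impl<V> Slot<V> {
    pub fn new(v: V) -> Self {
        Slot(RwLock::new(Box::new(v)))
    }
    pub fn get(&self) -> Ref<'_, V> {
        let guard = self.0.read().unwrap();
        let v: *const V = &**guard;
        Ref { _guard: guard, v }
    }
    pub fn set(&self, v: V) {
        *self.0.write().unwrap() = Box::new(v); // frees the old value
    }
}

impl<'a, V> Ref<'a, V> {
    /// Unsound shape (assumed model of the bug): the result carries the map
    /// lifetime 'a, so it stays usable after this Ref and its lock are gone.
    #[allow(dead_code)]
    pub fn value_escaping(&self) -> &'a V {
        unsafe { &*self.v }
    }
    /// Sound shape: the result borrows from the Ref, so it cannot outlive it.
    pub fn value(&self) -> &V {
        unsafe { &*self.v }
    }
}

/// Copy under the lock, release, then replace. Sample values are constructed.
pub fn read_then_replace(slot: &Slot<String>, new: &str) -> (String, String) {
    let r = slot.get();
    let before = r.value().clone(); // keeping `r.value()` past drop(r) is E0505
    drop(r); // with value_escaping() the &String would survive this drop
    slot.set(new.to_string()); // ...and dangle once the old Box is freed
    let after = slot.get().value().clone();
    (before, after)
}

fn main() {
    let slot = Slot::new(String::from("v1"));
    println!("{:?}", read_then_replace(&slot, "v2"));
}
```

A quick audit for code that may have depended on the old behavior is to look for references obtained from a guard that are stored or returned after the guard goes out of scope; after upgrading, such code fails to compile instead of misbehaving at run time.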