Uninitialized Memory Exposure Affecting dashmap package, versions <5.1.0
- Snyk ID SNYK-RUST-DASHMAP-2395477
- published 7 Feb 2022
- disclosed 10 Jan 2022
- credit ray-kast
How to fix?
Upgrade dashmap to version 5.1.0 or higher.
Overview
dashmap provides DashMap, which tries to implement an easy-to-use API similar to std::collections::HashMap with some slight changes to handle concurrency.
DashMap tries to be very simple to use and to be a direct replacement for RwLock<HashMap<K, V>>. To accomplish these goals, all methods take &self instead of modifying methods taking &mut self. This allows you to put a DashMap in an Arc
Affected versions of this package are vulnerable to Uninitialized Memory Exposure: the reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault.
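The lifetime contract behind this class of bug, shown as an added illustration that is not code from the advisory or from dashmap. `Guard`, `value_unsound` and `value` are hypothetical std-only stand-ins, and the unsound signature is an assumed shape of "reference outlives the guard", not dashmap's actual source.

```rust
use std::collections::HashMap;
use std::sync::{RwLock, RwLockReadGuard};

type Map = HashMap<&'static str, u32>;

// Hypothetical guard (not dashmap's code): holds the read lock plus a raw
// pointer into the locked map, so the borrow checker cannot see the link.
pub struct Guard<'a> {
    _lock: RwLockReadGuard<'a, Map>,
    value: *const u32,
}

impl<'a> Guard<'a> {
    pub fn get(map: &'a RwLock<Map>, key: &str) -> Option<Guard<'a>> {
        let lock = map.read().unwrap();
        let value = lock.get(key)? as *const u32;
        Some(Guard { _lock: lock, value })
    }
    // Unsound: the result borrows for the map's 'a, not for this guard,
    // so it stays usable after the guard drops and the lock is released.
    pub fn value_unsound(&self) -> &'a u32 { unsafe { &*self.value } }
    // Sound: the elided lifetime ties the result to `&self`.
    pub fn value(&self) -> &u32 { unsafe { &*self.value } }
}

// The escaped reference is still live while a writer can take the lock.
pub fn unsound_ref_escapes_lock() -> bool {
    let map = RwLock::new(Map::from([("k", 7)])); // constructed sample data
    let guard = Guard::get(&map, "k").unwrap();
    let leaked = guard.value_unsound();
    drop(guard);
    let writer_admitted = map.try_write().is_ok();
    writer_admitted && *leaked == 7 // defined only because nothing was written
}

// With the sound signature the guard must stay alive while the reference is
// used, and it keeps writers out for that whole time.
pub fn sound_ref_holds_lock() -> bool {
    let map = RwLock::new(Map::from([("k", 7)]));
    let guard = Guard::get(&map, "k").unwrap();
    let v = guard.value();
    let writer_blocked = map.try_write().is_err();
    // drop(guard); let _ = *v; // rejected: `guard` is still borrowed by `v`
    writer_blocked && *v == 7
}

fn main() {
    println!("unsound ref escapes lock: {}", unsound_ref_escapes_lock());
    println!("sound ref holds lock: {}", sound_ref_holds_lock());
}
```

When auditing guard types built on raw pointers, check that every accessor's return lifetime is bound to `&self` rather than to the container's lifetime parameter.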