Multiple memory safety issues in actix-web

Moderate severity GitHub Reviewed Published Aug 25, 2021 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

cargo actix-web (Rust)

Affected versions

< 0.7.15

Patched versions

0.7.15

Description

Affected versions contain multiple memory safety issues, such as:

  • Unsoundly coercing immutable references to mutable references
  • Unsoundly extending lifetimes of strings
  • Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A significant refactoring effort has been conducted to resolve these issues.
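
The three classes of issue listed above, shown generically with a sound counterpart for each. This is an added illustration, not code from actix-web or from the advisory; the names Counter, extend_unsound, extend_sound and count_across_threads are hypothetical.

```rust
use std::cell::RefCell;
use std::sync::{Arc, Mutex};
use std::thread;

// 1. Shared mutation. Unsound form: turning `&T` into `&mut T` through a raw
//    pointer cast, which is undefined behaviour even when it appears to work.
//    Sound form: interior mutability, so aliasing is checked at run time.
pub struct Counter { hits: RefCell<u32> }
impl Counter {
    pub fn new() -> Self { Counter { hits: RefCell::new(0) } }
    pub fn record(&self) -> u32 {
        // An overlapping borrow panics here instead of corrupting memory.
        let mut h = self.hits.borrow_mut();
        *h += 1;
        *h
    }
}

// 2. String lifetimes. Unsound form: a safe signature hiding a lifetime
//    extension. The result dangles once the source buffer is freed
//    (use-after-free). Kept only for comparison and never called.
#[allow(dead_code)]
fn extend_unsound(s: &str) -> &'static str { unsafe { std::mem::transmute(s) } }
// Sound form: own a copy, so the data outlives the source buffer.
pub fn extend_sound(s: &str) -> String { s.to_owned() }

// 3. Send. Unsound form: `unsafe impl Send` on a type holding `Rc`, whose
//    reference count is not atomic. Sound form: Arc + Mutex, which are Send
//    and Sync with no unsafe code.
pub fn count_across_threads(threads: u32) -> u32 {
    let total = Arc::new(Mutex::new(0u32));
    let handles: Vec<_> = (0..threads).map(|_| {
        let total = Arc::clone(&total);
        thread::spawn(move || { *total.lock().unwrap() += 1; })
    }).collect();
    for h in handles { h.join().unwrap(); }
    let n = *total.lock().unwrap();
    n
}

fn main() {
    let c = Counter::new();
    c.record();
    println!("hits = {}", c.record());
    // Constructed sample input: the source buffer is dropped before use.
    let owned = { let buf = String::from("/index.html"); extend_sound(&buf) };
    println!("path = {owned}, threads = {}", count_across_threads(4));
}
```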

References

Reviewed Aug 24, 2021
Published to the GitHub Advisory Database Aug 25, 2021
Last updated Jan 11, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-w65j-g6c7-g3m4

Source code
