{"id":"RUSTSEC-2020-0037","summary":"Misbehaving `HandleLike` implementation can lead to memory safety violation","details":"Unsafe code in `ObjectPool` has a time-of-check to time-of-use (TOCTOU) bug that\ncan eventually lead to a memory safety violation. `ObjectPool` and `HandlePool`\nimplicitly assume that `HandleLike` trait methods are pure, i.e., they always\nreturn the same value. However, this assumption is unsound since `HandleLike`\nis a safe, public trait that allows a custom implementation.","aliases":["CVE-2020-35889","GHSA-m833-jv95-mfjh"],"modified":"2023-11-08T04:03:37.746760Z","published":"2020-08-31T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/crayon"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0037.html"},{"type":"REPORT","url":"https://github.com/shawnscode/crayon/issues/87"}],"affected":[{"package":{"name":"crayon","ecosystem":"crates.io","purl":"pkg:cargo/crayon"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","categories":[],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0037.json","informational":"unsound"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}