{"id":"RUSTSEC-2021-0083","summary":"QueryInterface should call AddRef before returning pointer","details":"Affected version of this crate, which is a required dependency in com-impl, \nprovides a faulty implementation of the `IUnknown::QueryInterface` method.\n\n`QueryInterface` implementation must call `IUnknown::AddRef` before returning the pointer,\nas describe in this documentation:\n\u003chttps://docs.microsoft.com/en-us/windows/win32/api/unknwn/nf-unknwn-iunknown-queryinterface(refiid_void)\u003e\n\nAs it is not incrementing the refcount as expected, the following calls to `IUnknown::Release` method \nwill cause WMI to drop reference to the interface, and can lead to invalid reference.\n\nThis is documented in \u003chttps://docs.microsoft.com/en-us/windows/win32/learnwin32/managing-the-lifetime-of-an-object#reference-counting\u003e\n\nThere is no simple workaround, as you can't know how many time QueryInterface will be called.\nThe only way to quick fix this is to use the macro expanded version of the code and modify \nthe QueryInterface method to add the AddRef call yourself.\n\nThe issue was corrected in commit `9803f31fbd1717d482d848f041044d061fca6da7`.","aliases":["CVE-2021-45681","GHSA-9rg7-3j4f-cf4x","GHSA-w4cc-pc2h-whcj"],"modified":"2023-11-08T04:07:21.492435Z","published":"2021-01-20T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/derive-com-impl"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0083.html"},{"type":"REPORT","url":"https://github.com/Connicpu/com-impl/issues/1"}],"affected":[{"package":{"name":"derive-com-impl","ecosystem":"crates.io","purl":"pkg:cargo/derive-com-impl"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.1.2"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":["derive_com_impl::derive_com_impl"]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0083.json","informational":null,"cvss":null,"categories":["memory-corruption"]}}],"schema_version":"1.7.3"}