{"id":"RUSTSEC-2021-0130","summary":"Use after free in lru crate","details":"Lru crate has use after free vulnerability.\n\nLru crate has two functions for getting an iterator. Both iterators give\nreferences to key and value. Calling specific functions, like pop(), will remove\nand free the value, and but it's still possible to access the reference of value\nwhich is already dropped causing use after free.","aliases":["CVE-2021-45720","GHSA-qqmc-hwqp-8g2w","GHSA-v362-2895-h9r2"],"modified":"2023-11-08T04:07:23.861888Z","published":"2021-12-21T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/lru"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0130.html"},{"type":"REPORT","url":"https://github.com/jeromefroe/lru-rs/issues/120"}],"affected":[{"package":{"name":"lru","ecosystem":"crates.io","purl":"pkg:cargo/lru"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.7.1"}]}],"ecosystem_specific":{"affects":{"functions":["lru::LruCache::iter","lru::LruCache::iter_mut"],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0130.json","informational":null,"cvss":null,"categories":["memory-corruption"]}}],"schema_version":"1.7.3"}