{"id":"RUSTSEC-2022-0007","summary":"A malicious coder can get unsound access to TCell or TLCell memory","details":"This is impossible to do by accident, but by carefully constructing\nmarker types to be covariant, a malicious coder can cheat the\nsingleton check in `TCellOwner` and `TLCellOwner`, giving unsound\naccess to cell memory.  This could take the form of getting two\nmutable references to the same memory, or a mutable reference and an\nimmutable reference.\n\nThe fix is for the crate to internally force the marker type to be\ninvariant.  This blocks the conversion between covariant types which\nRust normally allows.","aliases":["GHSA-9c9f-7x9p-4wqp"],"modified":"2023-11-08T04:17:51.156433Z","published":"2022-01-24T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/qcell"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0007.html"},{"type":"REPORT","url":"https://github.com/uazu/qcell/issues/20"}],"affected":[{"package":{"name":"qcell","ecosystem":"crates.io","purl":"pkg:cargo/qcell"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.3"}]}],"ecosystem_specific":{"affects":{"arch":[],"functions":[],"os":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0007.json","informational":"unsound","cvss":null,"categories":[]}}],"schema_version":"1.7.3"}