{"id":"RUSTSEC-2024-0007","summary":"Use-after-free when setting the locale","details":"Version 3.0.0 introduced an `AtomicStr` type, that is used to store the current locale.\nIt stores the locale as a raw pointer to an `Arc\u003cString\u003e`.\nThe locale can be read with `AtomicStr::as_str()`.\n`AtomicStr::as_str()` does not increment the usage counter of the `Arc`.\n\nIf the locale is changed in one thread, another thread can have a stale -- possibly already freed --\nreference to the stored string.","aliases":["GHSA-c8v3-jhv9-4ppc"],"modified":"2024-02-10T16:26:48.561050Z","published":"2024-01-19T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/rust-i18n-support"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0007.html"},{"type":"REPORT","url":"https://github.com/longbridgeapp/rust-i18n/issues/71"},{"type":"WEB","url":"https://github.com/longbridgeapp/rust-i18n/pull/72"},{"type":"WEB","url":"https://github.com/longbridgeapp/rust-i18n/releases/tag/v3.0.1"}],"affected":[{"package":{"name":"rust-i18n-support","ecosystem":"crates.io","purl":"pkg:cargo/rust-i18n-support"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.0.0"},{"fixed":"3.0.1"}]}],"ecosystem_specific":{"affects":{"arch":[],"functions":["rust_i18n_support::AtomicStr::as_str"],"os":[]},"affected_functions":null},"database_specific":{"categories":["memory-exposure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0007.json","informational":"unsound","cvss":null}}],"schema_version":"1.7.3"}