{"id":"RUSTSEC-2025-0016","summary":"Use after free in `Parc` and `Prc` due to missing lifetime constraints","details":"Affected versions of this crate didn't provide sufficient lifetime constraints to conversion\nfunctions from `alloc::sync::Arc` and `alloc::rc::Rc`, which made it possible to create\nprojections of these reference counted pointers. Unlike the original reference counted pointers,\nthese projections could outlive original data's lifetimes.\n\nThis projected pointer could cause the original `Arc`'s or `Rc`'s `Drop::drop` to get called at\na point where the original data was no longer valid, leading to a potential use after free.\n\nThe affected functions were\n- `pared::prc::Prc::from_rc`\n- `pared::prc::Prc::project`\n- `pared::prc::Prc::try_from_rc`\n- `pared::sync::Parc::from_arc`\n- `pared::sync::Parc::project`\n- `pared::sync::Parc::try_from_arc`\n\nThis flaw was fixed in [108f540ea8acb6073751a1aa386085c1cdc4fd1e](https://github.com/radekvit/pared/commit/108f540ea8acb6073751a1aa386085c1cdc4fd1e)\nby requiring that the type stored in the `Arc`s and `Rc`s passed to these functions contain `T: 'static`.","aliases":["GHSA-vgmh-mqm4-8j88"],"modified":"2025-10-28T06:29:26.259982Z","published":"2025-03-13T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/pared"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0016.html"},{"type":"REPORT","url":"https://github.com/radekvit/pared/issues/2"}],"affected":[{"package":{"name":"pared","ecosystem":"crates.io","purl":"pkg:cargo/pared"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":["pared::prc::Prc::from_rc","pared::prc::Prc::project","pared::prc::Prc::try_from_rc","pared::sync::Parc::from_arc","pared::sync::Parc::project","pared::sync::Parc::try_from_arc"],"arch":[],"os":[]}},"database_specific":{"categories":["code-execution","memory-corruption"],"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0016.json","cvss":null}}],"schema_version":"1.7.3"}