Phosphorus15

**Name of the Vulnerable Software and Affected Versions** portaudio-rs crate versions through 0.3.1 **Description** The issue is related to a lack of unwind safety in `stream callback` and `stream finished callback` functions, leading to a use-after-free condition that allows for arbitrary code execution. This occurs because the call to a user-provided closure might panic before a `mem::forget` call, causing a use-after-free that grants an attacker control over the callback function pointer. The flaw was reported by Phosphorus15. **Recommendations** For portaudio-rs crate versions through 0.3.1, as a temporary workaround, consider disabling the `stream callback` and `stream finished callback` functions until a patch is available. Restrict access to these callback functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.