PT-2019-14843 · Rust · String-Interner Crate

Published: 2019-08-24 · Updated: 2021-08-25 · CVE-2019-16882

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

string-interner crate versions prior to 0.7.1
string-interner crate versions 0.6.x prior to 0.6.4

Description

An issue in the string-interner crate allows attackers to read from memory locations associated with dangling pointers due to a cloning flaw. When an interner is cloned, the contained strings are not cloned, resulting in the new interner having raw pointers to the old interner's storage. If the old interner is dropped, the new interner has dangling pointers to already freed memory. This allows an attacker to read the already freed memory using brute force attacks. The dangling pointers are used by the interners to check if a string is already interned.

Recommendations

For string-interner crate versions prior to 0.7.1, update to version 0.7.1 or later to fix the cloning flaw. For string-interner crate versions 0.6.x, update to version 0.6.4 or later to fix the cloning flaw. As a temporary workaround, consider avoiding the cloning of interners to minimize the risk of exploitation.
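
The cloning flaw and its correction in miniature, as an added example that is not the string-interner crate's code: a constructed interner whose lookup map holds raw pointers into its own storage. `Interner`, `StrRef`, `keys_owned` and `shallow_clone` are hypothetical names; `shallow_clone` copies the pointers unchanged, while the `Clone` impl rebuilds them from the clone's own strings.

```rust
use std::collections::HashMap;
use std::hash::{Hash, Hasher};
// Constructed model of an interner; not the string-interner crate's source.
#[derive(Clone, Copy)]
struct StrRef(*const str); // raw pointer into some interner's `values`
impl StrRef {
    // Sound only while the pointee is alive, i.e. owned by the same interner.
    fn as_str(&self) -> &str { unsafe { &*self.0 } }
}
impl Hash for StrRef {
    fn hash<H: Hasher>(&self, h: &mut H) { self.as_str().hash(h) }
}
impl PartialEq for StrRef {
    fn eq(&self, o: &Self) -> bool { self.as_str() == o.as_str() }
}
impl Eq for StrRef {}
struct Interner { map: HashMap<StrRef, usize>, values: Vec<Box<str>> }
impl Interner {
    fn get_or_intern(&mut self, s: &str) -> usize {
        if let Some(&i) = self.map.get(&StrRef(s as *const str)) { return i; }
        let boxed: Box<str> = s.into();
        let key = StrRef(&*boxed as *const str); // heap address survives the move
        self.values.push(boxed);
        self.map.insert(key, self.values.len() - 1);
        self.values.len() - 1
    }
    // Invariant: every lookup key points into this interner's own storage.
    fn keys_owned(&self) -> bool {
        self.map.iter().all(|(k, &i)| std::ptr::eq(k.0, &*self.values[i] as *const str))
    }
    // Flawed pattern: pointers copied verbatim, still aimed at `self`'s strings.
    fn shallow_clone(&self) -> Self {
        Interner { map: self.map.clone(), values: self.values.clone() }
    }
}
// Corrected pattern: rebuild the map from the clone's own strings.
impl Clone for Interner {
    fn clone(&self) -> Self {
        let values = self.values.clone();
        let map: HashMap<_, _> = values.iter().enumerate()
            .map(|(i, v)| (StrRef(&**v as *const str), i)).collect();
        Interner { map, values }
    }
}
fn main() {
    let mut a = Interner { map: HashMap::new(), values: Vec::new() };
    a.get_or_intern("alpha");
    println!("shallow: {}, rebuilt: {}", a.shallow_clone().keys_owned(), a.clone().keys_owned());
}
```

A `keys_owned`-style invariant check is cheap to run in a unit test after every clone and catches this class of bug without ever touching freed memory.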

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2019-16882
GHSA-49FQ-PW77-6QXJ
RUSTSEC-2019-0023

Affected Products

String-Interner Crate