CVE-2020-35874

Name of the Vulnerable Software and Affected Versions internment crate versions prior to 0.3.12

Description The issue is related to a race condition in ArcIntern::drop, which can lead to a use-after-free scenario. This occurs when memory is released while another user is about to access it, resulting in the new user getting a reference to freed memory. The problem was resolved by serializing access to an interned object during deallocation.

Recommendations For versions prior to 0.3.12, update to version 0.3.12 or later to fix the issue. As a temporary workaround, consider implementing stronger locking mechanisms to avoid the problem, similar to the approach used in versions prior to 0.3.12.