CVE-2021-45720

Name of the Vulnerable Software and Affected Versions: lru crate versions prior to 0.7.1

Description: The issue is related to a use-after-free problem in the iterators of the lru crate. This occurs when specific functions, such as pop(), are called, which remove and free the value, but it is still possible to access the reference of the value that has already been dropped. This can be demonstrated by an access after a pop() operation. The lru crate has two functions for getting an iterator, both of which give references to key and value.

Recommendations: For versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the pop() function in conjunction with iterators to minimize the risk of exploitation. Restrict access to the iterators that give references to key and value to prevent potential use-after-free issues.