rust-libp2p
RUSTSEC-2022-0040: Multiple soundness issues in `owning_ref`
Multiple soundness issues in `owning_ref`
Details | |
---|---|
Package | owning_ref |
Version | 0.4.1 |
URL | https://github.com/noamtashma/owning-ref-unsoundness |
Date | 2022-01-26 |
- `OwningRef::map_with_owner` is unsound and may result in a use-after-free.
- `OwningRef::map` is unsound and may result in a use-after-free.
- `OwningRefMut::as_owner` and `OwningRefMut::as_owner_mut` are unsound and may result in a use-after-free.
- The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM `noalias` attribute.
No patched versions are available at this time. While a pull request with some fixes is outstanding, the maintainer appears to be unresponsive.
See advisory page for additional details.
Hello team! I am one of the contributors from Pyrsia! I was investigating through the issue and as per my understanding of the usage of prometheus_client in `misc/metrics`. The library uses Owning_Ref which affects the library!
> Hello team! I am one of the contributors from Pyrsia!

:wave: great to have you here.

> I was investigating through the issue and as per my understanding of the usage of prometheus_client in misc/metrics. The library uses Owning_Ref which affects the library!

That is correct.
Disclaimer, I am a maintainer of the `libp2p` crate and the maintainer of the `prometheus-client` crate.
I documented my thoughts here https://github.com/prometheus/client_rust/issues/77#issuecomment-1204650788. Help much appreciated.
Since the above was merged, libp2p updating to prometheus-client 0.18.0 should fix this.
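The thread above traces `owning_ref` back to `prometheus-client`. As an added example (not code from this thread or from the libp2p project), the sketch below walks a `Cargo.lock` to list every crate that transitively pulls in a flagged crate. The lockfile excerpt is constructed: `app-metrics` and the `0.0.0` versions are placeholders, and multiple locked versions of one crate are merged under its name.

```rust
use std::collections::BTreeMap;

// Constructed Cargo.lock excerpt: "app-metrics" and the 0.0.0 versions are placeholders.
const LOCK: &str = r#"
[[package]]
name = "app-metrics"
version = "0.0.0"
dependencies = [
 "prometheus-client",
]
[[package]]
name = "prometheus-client"
version = "0.0.0"
dependencies = [
 "owning_ref 0.4.1",
]
"#;

/// Map each `[[package]]` name to its direct dependency names.
fn parse_lock(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut deps: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let mut current = String::new();
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            current = v.trim_matches('"').to_string();
        } else if let Some(entry) = line.strip_prefix('"') {
            // Entry forms: "name", "name version", "name version (source)".
            let name = entry.split(|c| c == ' ' || c == '"').next().unwrap_or("");
            deps.entry(current.clone()).or_default().push(name.to_string());
        }
    }
    deps
}

/// Crates that pull in `target`, nearest first (breadth-first over reverse edges).
fn dependents(deps: &BTreeMap<String, Vec<String>>, target: &str) -> Vec<String> {
    let mut order = vec![target.to_string()];
    let mut i = 0;
    while i < order.len() {
        for (pkg, ds) in deps {
            if ds.contains(&order[i]) && !order.contains(pkg) {
                order.push(pkg.clone());
            }
        }
        i += 1;
    }
    order.split_off(1)
}

fn main() {
    println!("{:?}", dependents(&parse_lock(LOCK), "owning_ref"));
}
```

On a real checkout, `cargo tree -i owning_ref` reports the same reverse dependency path.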