
hexchat (all versions) is unsound (use-after-free)

Open SoniEx2 opened this issue 3 years ago • 3 comments

The hexchat crate has register_command and deregister_command functions. When used together, they can cause a use-after-free. This seems to be the case with most if not all of the callback-related functions.

Additionally, the crate seems to be no longer maintained.

SoniEx2, Jun 07 '21 00:06

Linking to relevant issue: https://github.com/pie-flavor/hexchat-rs/issues/1

jorgecarleitao, Oct 31 '21 20:10

Would be keen to get this ticket and https://github.com/rustsec/advisory-db/issues/913 dealt with.

I've pinged the maintainer and asked if the crate should be used here - https://github.com/pie-flavor/hexchat-rs/issues/2

pinkforest, Aug 13 '22 13:08

@SoniEx2 would you like to send an informational = "unmaintained" PR and describe these soundness issues alongside?

It should deal with both this and #913, but we could just flag one unmaintained that contains the soundness issues.

Cheers

pinkforest, Aug 27 '22 09:08