GHSA-c8v3-jhv9-4ppc: Use-after-free when setting the locale

N/A

CVSS Score

Basic Information

CVE ID
-
EPSS Score
-
Published
1/23/2024
Updated
1/23/2024
KEV Status
No
Technology
Rust

Technical Details

CVSS Vector
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| rust-i18n-support | rust | >= 3.0.0, < 3.0.1 | 3.0.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from AtomicStr::as_str() accessing an Arc<String> through a raw pointer without incrementing the reference count. The commit diff shows this function was previously implemented with unsafe pointer dereferencing, while the patched version replaced it with arc_swap's Guard system that properly manages references. The CWE-416 classification and advisory description both directly implicate this function as the source of use-after-free conditions in multi-threaded scenarios.
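The pattern described above, next to a reader that takes its own reference, as an added example (not the crate's code and not taken from the commit). `RawLocale` and `SafeLocale` are hypothetical names, and the standard library's `RwLock<Arc<String>>` stands in for the `arc_swap` guard the patch uses, so the example builds without external crates.

```rust
use std::sync::atomic::{AtomicPtr, Ordering};
use std::sync::{Arc, RwLock};

// Vulnerable shape (reconstruction from the description, not the crate's code).
pub struct RawLocale(AtomicPtr<Arc<String>>);

impl RawLocale {
    pub fn new(s: &str) -> Self {
        Self(AtomicPtr::new(Box::into_raw(Box::new(Arc::new(s.to_string())))))
    }
    // The &str borrows from &self, not from the Arc: no strong count is taken,
    // so a concurrent `set` can free the String while this slice is in use.
    pub fn as_str(&self) -> &str {
        unsafe { (*self.0.load(Ordering::SeqCst)).as_str() }
    }
    pub fn set(&self, s: &str) {
        let new = Box::into_raw(Box::new(Arc::new(s.to_string())));
        let old = self.0.swap(new, Ordering::SeqCst);
        drop(unsafe { Box::from_raw(old) }); // last Arc dropped: String freed
    }
}

// Hardened shape: every reader takes its own strong reference.
pub struct SafeLocale(RwLock<Arc<String>>);

impl SafeLocale {
    pub fn new(s: &str) -> Self {
        Self(RwLock::new(Arc::new(s.to_string())))
    }
    pub fn get(&self) -> Arc<String> {
        self.0.read().unwrap().clone() // Arc clone: increments the strong count
    }
    pub fn set(&self, s: &str) {
        *self.0.write().unwrap() = Arc::new(s.to_string());
    }
}

// A reader that took its reference before the swap still owns valid data.
pub fn reader_survives_swap() -> (String, String, usize) {
    let loc = SafeLocale::new("en");
    let held = loc.get();
    loc.set("de");
    (held.to_string(), loc.get().to_string(), Arc::strong_count(&held))
}

fn main() {
    println!("{:?}", reader_survives_swap());
}
```

The borrow checker accepts `RawLocale::as_str` because the `unsafe` block hands back a lifetime it cannot verify; in review, a `&str` or `&T` returned from a raw-pointer dereference on a shared, mutable slot is the thing to flag.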

Version *.*.* introduced an `AtomicStr` type, that is used to store the current locale. It stores the locale as a raw pointer to an `Arc<String>`. The locale can be read with `AtomicStr::as_str()`. `AtomicStr::as_str()` does not increment the usage c
