This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate bugreport

Dependencies

(2 total, 1 outdated, 1 insecure)

CrateRequiredLatestStatus
 snailquote^0.30.3.0up to date
 sys-info^0.70.9.0insecure

Security Vulnerabilities

sys-info: Double free when calling `sys_info::disk_info` from multiple threads

RUSTSEC-2020-0100

Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment.

This results in consistent double-frees and segfaults when calling sys_info::disk_info from multiple threads at once.

The issue was fixed by moving the global variable into a local scope.

Safer Alternatives: