CVE-2020-35917: Reference counting error in pyo3

August 25, 2021

An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py>.

References

github.com/PyO3/pyo3
github.com/PyO3/pyo3/commit/8f81f595dd770b586c7ca7195b42004a6c976eb9
github.com/PyO3/pyo3/pull/1297
github.com/advisories/GHSA-2vx6-fcw6-hpr6
nvd.nist.gov/vuln/detail/CVE-2020-35917
rustsec.org/advisories/RUSTSEC-2020-0074.html

Code Behaviors & Features

Detect and mitigate CVE-2020-35917 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →