CVE-2018-25028
Description
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free vulnerability in libpulse-binding crate before 1.2.1 allows potential memory corruption via get_context method.
Vulnerability
The libpulse-binding crate before version 1.2.1 contains a use-after-free vulnerability in the Stream::get_context method [3][4]. The returned object does not set a flag to prevent destruction of the underlying C object, leading to a use-after-free when the object is subsequently used [3].
Exploitation
An attacker would need to trigger the use-after-free by calling get_context on a Stream object and then using the returned reference after the underlying C object has been freed. This requires attacker control over the lifecycle of the Stream object [3].
Impact
Successful exploitation could lead to memory corruption, potentially allowing arbitrary code execution or information disclosure [3]. The vulnerability is classified as a memory-corruption issue [3].
Mitigation
The fix is available in version 1.2.1 and later [3][4]. Users should update to at least 1.2.1. No workarounds are documented; the only mitigation is to upgrade [3].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
libpulse-bindingcrates.io | < 1.2.1 | 1.2.1 |
Affected products
2- libpulse-binding/libpulse-bindingdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-jqpv-jm4m-86j9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-25028ghsaADVISORY
- github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5wghsaWEB
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-binding/RUSTSEC-2018-0021.mdghsax_refsource_MISCWEB
- rustsec.org/advisories/RUSTSEC-2018-0021.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.