RUSTSEC-2021-0040
on 2021-01-12: panic safety: double drop or uninitialized drop of T upon panic
This crate has no reviews yet. To add a review, set up your cargo-crev
.
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open arenavec
. Alternatively, you can download the tarball of arenavec v0.1.1 or view the source online.
Affected versions of this crate did not guard against potential panics that may happen from user-provided functions
T::default()
andT::drop()
.Panic within
T::default()
leads to dropping uninitializedT
, when it is invoked fromcommon::Slice::<T, H>::new()
. Panic withinT::drop()
leads to double drop ofT
, when it is invoked either fromcommon::SliceVec::<T, H>::resize_with()
orcommon::SliceVec::<T, H>::resize()
Either case causes memory corruption in the heap memory.
CVE-2021-29930
CVE-2021-29931
GHSA-327x-39hh-65wf
GHSA-955p-rc5h-hg6h