GHSA-45w7-7g63-2m5w

Source
https://github.com/advisories/GHSA-45w7-7g63-2m5w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-45w7-7g63-2m5w/GHSA-45w7-7g63-2m5w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-45w7-7g63-2m5w
Aliases
Published
2021-09-01T18:30:55Z
Modified
2023-11-08T04:05:27.911039Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Drop of uninitialized memory in stack_dst
Details

Affected versions of stack_dst used a push_inner function that increased the internal length of the array and then called val.clone(). If the val.clone() call panics, the stack could drop an already dropped element or drop uninitialized memory. This issue was fixed in 2a4d538 by increasing the length of the array after elements are cloned.

Database specific
{
    "nvd_published_at": "2021-03-05T09:15:00Z",
    "cwe_ids": [
        "CWE-908"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-30T21:56:02Z"
}
References

Affected packages

crates.io / stack_dst

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.1

Ecosystem specific

{
    "affected_functions": [
        "stack_dst::StackA::push_cloned"
    ]
}