The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.
A fix was published in version 0.1.3.
{ "nvd_published_at": "2019-09-09T12:15:10Z", "cwe_ids": [ "CWE-416" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:22:50Z" }