GHSA-6wp2-fw3v-mfmc

Source

https://github.com/advisories/GHSA-6wp2-fw3v-mfmc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-6wp2-fw3v-mfmc/GHSA-6wp2-fw3v-mfmc.json

Aliases

CVE-2020-36452
RUSTSEC-2020-0132

Published

2021-08-25T20:57:19Z

Modified

2023-11-08T04:03:45.705412Z

Details

An issue was discovered in the array-tools crate before 0.3.2 for Rust. Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone() panics in FixedCapacityDequeLike<T, A>::clone(). This causes memory corruption.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36452
https://github.com/L117/array-tools/issues/2
https://github.com/L117/array-tools
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/array-tools/RUSTSEC-2020-0132.md
https://rustsec.org/advisories/RUSTSEC-2020-0132.html

Affected packages

crates.io / array-tools

Package

Name: array-tools

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.3.2