An issue was discovered in the array-tools crate before 0.3.2 for Rust. Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone()
panics in FixedCapacityDequeLike<T, A>::clone()
. This causes memory corruption.
{ "nvd_published_at": "2021-08-08T06:15:00Z", "github_reviewed_at": "2021-08-18T20:24:55Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-908", "CWE-909" ] }