GHSA-8gmx-cpcg-f8h5

Suggest an improvement
Source
https://github.com/advisories/GHSA-8gmx-cpcg-f8h5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-8gmx-cpcg-f8h5/GHSA-8gmx-cpcg-f8h5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8gmx-cpcg-f8h5
Aliases
Published
2021-08-25T20:55:11Z
Modified
2024-03-15T00:05:24.656544Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Double-free in id-map
Details

The clonefrom implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again. getor_insert

getorinsert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped. remove_set

When removing a set of elements, ptr::dropinplace is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-415"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:04:17Z"
}
References

Affected packages

crates.io / id-map

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.2.1