GHSA-rxr4-x558-x7hw

Suggest an improvement
Source
https://github.com/advisories/GHSA-rxr4-x558-x7hw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-rxr4-x558-x7hw/GHSA-rxr4-x558-x7hw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rxr4-x558-x7hw
Aliases
Published
2021-08-25T20:42:54Z
Modified
2023-11-08T04:00:13.368337Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Double free in smallvec
Details

If an iterator passed to SmallVec::insert_many panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free (a destructor running on two copies of the same value).

This is fixed in smallvec 0.6.3 by ensuring that the vector's length is not updated to include moved items until they have been removed from their original positions. Items may now be leaked if Iterator::next panics, but they will not be dropped more than once.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-415"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:25:34Z"
}
References

Affected packages

crates.io / smallvec

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.3.2
Fixed
0.6.3