RUSTSEC-2018-0003

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2018-0003

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2018-0003.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2018-0003

Aliases

Published

2018-07-19T12:00:00Z

Modified

2023-11-08T04:00:13.368337Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Possible double free during unwinding in SmallVec::insert_many

Details

If an iterator passed to SmallVec::insert_many panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free (a destructor running on two copies of the same value).

This is fixed in smallvec 0.6.3 by ensuring that the vector's length is not updated to include moved items until they have been removed from their original positions. Items may now be leaked if Iterator::next panics, but they will not be dropped more than once.

Thank you to @Vurich for reporting this bug.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / smallvec

Package

Name: smallvec; View open source insights on deps.dev
Purl: pkg:cargo/smallvec

Affected ranges

Type: SEMVER
Events: Introduced

0.3.2

Fixed

0.3.4

Introduced

0.4.0-0

Fixed

0.4.5

Introduced

0.5.0-0

Fixed

0.5.1

Introduced

0.6.0-0

Fixed

0.6.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": []
}