RUSTSEC-2021-0033

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2021-0033

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0033.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2021-0033

Aliases

CVE-2021-28034
CVE-2021-28035
GHSA-45w7-7g63-2m5w
GHSA-8mjx-h23h-w2pg

Published

2021-02-22T12:00:00Z

Modified

2023-11-08T04:05:27.911039Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

push_cloned can drop uninitialized memory or double free on panic

Details

Affected versions of stack_dst used a push_inner function that increased the internal length of the array and then called val.clone().

If the val.clone() call panics, the stack could drop an already dropped element or drop uninitialized memory.

This issue was fixed in 2a4d538 by increasing the length of the array after elements are cloned.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / stack_dst

Package

Name: stack_dst; View open source insights on deps.dev
Purl: pkg:cargo/stack_dst

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.6.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "stack_dst::StackA::push_cloned"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}