RUSTSEC-2021-0052

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2021-0052

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0052.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2021-0052

Aliases

CVE-2021-30455
CVE-2021-30456
CVE-2021-30457
GHSA-8gmx-cpcg-f8h5
GHSA-rccq-j2m7-8fwr
GHSA-vfqx-hv88-f9cv

Published

2021-02-26T12:00:00Z

Modified

2024-03-15T00:05:24.656544Z

Summary

Multiple functions can cause double-frees

Details

The following functions in the crate are affected:

`IdMap::clone_from`

The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again.

`get_or_insert`

get_or_insert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped.

`remove_set`

When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / id-map

Package

Name: id-map; View open source insights on deps.dev
Purl: pkg:cargo/id-map

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

cvss

null

informational

null