RUSTSEC-2021-0052

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2021-0052
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0052.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2021-0052
Aliases
Published
2021-02-26T12:00:00Z
Modified
2024-03-15T00:05:24.656544Z
Summary
Multiple functions can cause double-frees
Details

The following functions in the crate are affected:

IdMap::clone_from

The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again.

get_or_insert

get_or_insert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped.

remove_set

When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / id-map

Package

Name
id-map
View open source insights on deps.dev
Purl
pkg:cargo/id-map

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific 

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}