CVE-2015-20001

Panic safety violation in BinaryHeap

Issued
Package
std
Type
Vulnerability
Categories
  • memory-corruption
Details
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001
Patched
  • >=1.2.0
Unaffected
  • <1.0.0

Description

In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.

More