RUSTSEC-2020-0132

FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

Issued
Package
array-tools (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Details
https://github.com/L117/array-tools/issues/2
Patched
  • >=0.3.2

Description

Affected versions of this crate do not guard against panics, so a partially uninitialized buffer is dropped when a user-provided T::clone() panics in FixedCapacityDequeLike<T, A>::clone(). This causes memory corruption.
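
A panic-safe clone for a fixed-capacity buffer, as an added example (not array-tools' code or its actual patch): `FixedBuf`, `Tracked` and `panicking_clone_demo` are hypothetical names, and the test data is constructed. The destination's length is advanced only after each element is written, so unwinding from a panicking `T::clone()` drops just the initialized prefix.

```rust
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};

/// Hypothetical fixed-capacity buffer: only data[..len] is initialized.
pub struct FixedBuf<T, const N: usize> { data: [MaybeUninit<T>; N], len: usize }
impl<T, const N: usize> FixedBuf<T, N> {
    pub fn new() -> Self { Self { data: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 } }
    pub fn push(&mut self, v: T) {
        assert!(self.len < N, "capacity exceeded");
        self.data[self.len].write(v);
        self.len += 1;
    }
}
impl<T, const N: usize> Drop for FixedBuf<T, N> {
    fn drop(&mut self) {
        // Drop only the initialized prefix.
        for slot in &mut self.data[..self.len] { unsafe { slot.assume_init_drop() } }
    }
}
impl<T: Clone, const N: usize> Clone for FixedBuf<T, N> {
    fn clone(&self) -> Self {
        // An unsafe variant would set out.len = self.len up front; a panic in
        // T::clone() would then make Drop touch uninitialized slots.
        let mut out = Self::new();
        for slot in &self.data[..self.len] {
            let v = unsafe { slot.assume_init_ref() }.clone(); // may panic
            out.data[out.len].write(v);
            out.len += 1; // count a slot only once it is initialized
        }
        out
    }
}

static DROPS: AtomicUsize = AtomicUsize::new(0);
/// Constructed test type: clone() panics for id 2, every drop is counted.
pub struct Tracked(pub u32);
impl Clone for Tracked {
    fn clone(&self) -> Self { if self.0 == 2 { panic!("clone failed"); } Tracked(self.0) }
}
impl Drop for Tracked { fn drop(&mut self) { DROPS.fetch_add(1, SeqCst); } }

/// Clones a 3-element buffer whose last clone panics; returns (panicked, drops).
pub fn panicking_clone_demo() -> (bool, usize) {
    let mut buf: FixedBuf<Tracked, 4> = FixedBuf::new();
    for id in 0..3 { buf.push(Tracked(id)); }
    let panicked = catch_unwind(AssertUnwindSafe(|| buf.clone())).is_err();
    (panicked, DROPS.load(SeqCst)) // only the clones made before the panic
}
fn main() { println!("{:?}", panicking_clone_demo()); }
```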
