RUSTSEC-2020-0145

Use-after-free when cloning a partially consumed Vec iterator

Issued
Package
heapless (crates.io)
Type
Unsound
Categories
  • memory-corruption
  • memory-exposure
Details
https://github.com/japaric/heapless/issues/181
Patched
  • >=0.6.1
Keywords
  • use-after-free
Affected Functions (Version)
  • heapless::vec::IntoIter::clone: <=0.6

Description

The IntoIter Clone implementation clones the whole underlying Vec. If the iterator is partially consumed, the already consumed items will be copied as well, thus creating a use-after-free access.

A proof of concept is available in the original bug report.
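
One sound way to write such a Clone, shown on a simplified model of a fixed-capacity by-value iterator. This is an added example, not heapless's code and not part of the advisory; the IntoIter layout, its next/len fields and the new constructor are assumptions made for illustration.

```rust
use std::mem::MaybeUninit;

// Hypothetical model of a fixed-capacity by-value iterator (not heapless's code).
// Invariant: only slots in `next..len` are live; slots below `next` were moved out.
pub struct IntoIter<T, const N: usize> {
    buf: [MaybeUninit<T>; N],
    next: usize,
    len: usize,
}
impl<T, const N: usize> IntoIter<T, N> {
    pub fn new(items: [T; N]) -> Self {
        IntoIter { buf: items.map(MaybeUninit::new), next: 0, len: N }
    }
}
impl<T, const N: usize> Iterator for IntoIter<T, N> {
    type Item = T;
    fn next(&mut self) -> Option<T> {
        if self.next == self.len { return None; }
        // SAFETY: slot `next` is live; bumping `next` records that it was moved out.
        let item = unsafe { self.buf[self.next].assume_init_read() };
        self.next += 1;
        Some(item)
    }
}
impl<T: Clone, const N: usize> Clone for IntoIter<T, N> {
    fn clone(&self) -> Self {
        let buf = std::array::from_fn(|_| MaybeUninit::uninit());
        let mut out = Self { buf, next: 0, len: 0 };
        // Clone only `next..len`; starting at 0 would clone moved-out values.
        for slot in &self.buf[self.next..self.len] {
            // SAFETY: every slot in `next..len` is initialized and still owned.
            out.buf[out.len] = MaybeUninit::new(unsafe { slot.assume_init_ref() }.clone());
            out.len += 1; // counted after the write: a panicking clone drops only written slots
        }
        out
    }
}
impl<T, const N: usize> Drop for IntoIter<T, N> {
    fn drop(&mut self) {
        // SAFETY: only the live range is dropped, so each value is dropped exactly once.
        for slot in &mut self.buf[self.next..self.len] { unsafe { slot.assume_init_drop() } }
    }
}

fn main() {
    let mut it = IntoIter::new(["a".to_string(), "b".to_string(), "c".to_string()]);
    let first = it.next(); // "a" is moved out of slot 0
    println!("consumed {:?}, clone yields {:?}", first, it.clone().collect::<Vec<_>>());
}
```

Running a test like this under Miri or with a reference-counted element type is a practical way to confirm that consumed slots are never cloned or dropped a second time.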
