RUSTSEC-2021-0010

panic safety: double drop may happen within util::{mutate, mutate2}

Issued
Package
containers (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://github.com/strake/containers.rs/issues/2
Patched
  • >=0.9.11

Description

Upon panic in a user-provided function f, fn mutate() & fn mutate2 drops twice a same object.

Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read().

Dropping a same object can result in memory corruption.

The flaw was corrected in version "0.9.11" by fixing the code to abort upon panic.

More