Reported

January 12, 2021

Issued

January 20, 2021 (last modified: June 13, 2023)

Package

containers (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Aliases

• CVE-2021-25907
• GHSA-cv7x-6rc6-pq5v

References

• https://github.com/strake/containers.rs/issues/2

CVSS Score

9.8 CRITICAL

CVSS Details

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

• >=0.9.11

Description

Upon panic in a user-provided function f, fn mutate() & fn mutate2 drops twice a same object.

Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read().

Dropping a same object can result in memory corruption.

The flaw was corrected in version "0.9.11" by fixing the code to abort upon panic.

Advisory available under CC0-1.0 license.