- CVSS Score
- CVSS Details
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- CVSS Vector
- Affected Functions
Affected versions of this crate assumed that
Borrow<Idx> was guaranteed to
return the same value on
.borrow(). The borrowed index value was used to
retrieve a mutable reference to a value.
Borrow<Idx> implementation returned a different index, the split arena
would allow retrieving the index as a mutable reference creating two mutable
references to the same element. This violates Rust's aliasing rules and allows
for memory safety issues such as writing out of bounds and use-after-frees.
The flaw was corrected in commit
6b83f9d by storing the
.borrow() value in
a temporary variable.