Reported

February 22, 2021

Issued

March 3, 2021 (last modified: June 13, 2023)

Package

stack_dst (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Keywords

#memory-safety #double-free

Aliases

• CVE-2021-28034
• CVE-2021-28035
• GHSA-45w7-7g63-2m5w
• GHSA-8mjx-h23h-w2pg

References

• https://github.com/thepowersgang/stack_dst-rs/issues/5

CVSS Score

9.8 CRITICAL

CVSS Details

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

• >=0.6.1

Affected Functions

Version

stack_dst::StackA::push_cloned

• <0.6.1

Description

Affected versions of stack_dst used a push_inner function that increased the internal length of the array and then called val.clone().

If the val.clone() call panics, the stack could drop an already dropped element or drop uninitialized memory.

This issue was fixed in 2a4d538 by increasing the length of the array after elements are cloned.

Advisory available under CC0-1.0 license.