RUSTSEC-2021-0039

panic in user-provided Endian impl triggers double drop of T

Issued
Package
endian_trait (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://gitlab.com/myrrlyn/endian_trait/-/issues/1
Patched
no patched versions

Description

Affected versions of the crate does not guard against panic from user-provided impl of Endian trait, which is a safe trait that users can implement. If a user-provided implementation of the Endian trait panics, double-drop is triggered due to the duplicated ownership of T created by ptr::read().

Double-drop (or double free) can cause memory corruption in the heap.

More