Reported

January 12, 2021

Issued

March 7, 2021 (last modified: June 13, 2023)

Package

arenavec (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Aliases

• CVE-2021-29930
• CVE-2021-29931
• GHSA-327x-39hh-65wf
• GHSA-955p-rc5h-hg6h

References

• https://github.com/ibabushkin/arenavec/issues/1

CVSS Score

7.5 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

None

Integrity Impact

None

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Patched

no patched versions

Description

Affected versions of this crate did not guard against potential panics that may happen from user-provided functions T::default() and T::drop().

Panic within T::default() leads to dropping uninitialized T, when it is invoked from common::Slice::<T, H>::new(). Panic within T::drop() leads to double drop of T, when it is invoked either from common::SliceVec::<T, H>::resize_with() or common::SliceVec::<T, H>::resize()

Either case causes memory corruption in the heap memory.

Advisory available under CC0-1.0 license.