RUSTSEC-2021-0042
insert_many can drop elements twice on panic
- Reported
- Issued
- Package
- insert_many (crates.io)
- Type
- Vulnerability
- Categories
- Keywords
- #memory-safety #double-free
- Aliases
- References
- CVSS Score
- 7.5 HIGH
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Patched
- no patched versions
Description
Affected versions of insert_many
used ptr::copy
to move over items in a
vector to make space before inserting, duplicating their ownership. It then
iterated over a provided Iterator
to insert the new items.
If the iterator's .next()
method panics then the vector would drop the same
elements twice.
Advisory available under CC0-1.0 license.