- Reported
-
- Issued
-
- Package
-
slice-deque
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#memory-safety
#double-free
- Aliases
-
- Details
-
https://github.com/gnzlbg/slice_deque/issues/90
- CVSS Score
- 7.5
HIGH
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Patched
-
no patched versions
Description
Affected versions of the crate incremented the current index of the drain filter
iterator before calling the predicate function self.pred.
If the predicate function panics, it is possible for the last element in the
iterator to be dropped twice.