RUSTSEC-2021-0047

SliceDeque::drain_filter can double drop an element if the predicate panics

Issued
Package
slice-deque (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
Aliases
Details
https://github.com/gnzlbg/slice_deque/issues/90
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched
no patched versions
Keywords
  • memory-safety
  • double-free

Description

Affected versions of the crate incremented the current index of the drain filter iterator before calling the predicate function self.pred.

If the predicate function panics, it is possible for the last element in the iterator to be dropped twice.

More