- Reported
-
- Issued
-
- Package
-
algorithmica
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- Details
-
https://github.com/AbrarNitk/algorithmica/issues/1
- Patched
-
no patched versions
Description
In the affected versions of this crate, merge_sort::merge()
wildly duplicates and drops ownership of T
without guarding against double-free. Due to such implementation,
simply invoking merge_sort::merge()
on Vec<T: Drop>
can cause double free bugs.