- Reported
-
- Issued
-
- Package
-
algorithmica
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
no patched versions
Description
In the affected versions of this crate, merge_sort::merge() wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation,
simply invoking merge_sort::merge() on Vec<T: Drop> can cause double free bugs.
Advisory available under CC0-1.0
license.