OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0fcce3f7cbbc76da50ab0d778399bf85dc141834
advisory-db/crates/slice-deque/RUSTSEC-2021-0047.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

689 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0047"
package = "slice-deque"
aliases = ["CVE-2021-29938", "GHSA-p9gf-gmfv-398m"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
date = "2021-02-19"
url = "https://github.com/gnzlbg/slice_deque/issues/90"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free"]

[versions]
patched = []

SliceDeque::drain_filter can double drop an element if the predicate panics

Affected versions of the crate incremented the current index of the drain filter iterator before calling the predicate function self.pred.

If the predicate function panics, it is possible for the last element in the iterator to be dropped twice.