OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 17:20:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3c8a9dc31d7ea1dc49d6851aa8a1dfe531ea06bd
advisory-db/crates/algorithmica/RUSTSEC-2021-0053.md
Alexander Kjäll f4a8973706 add cve info to advisories (#1099) 
* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-11-06 21:37:35 +01:00

567 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0053"
package = "algorithmica"
date = "2021-03-07"
url = "https://github.com/AbrarNitk/algorithmica/issues/1"
categories = ["memory-corruption"]
aliases = ["CVE-2021-31996"]

[versions]
patched = []

'merge_sort::merge()' crashes with double-free for T: Drop

In the affected versions of this crate, merge_sort::merge() wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking merge_sort::merge() on Vec<T: Drop> can cause double free bugs.