advisory-db/crates/id-map/RUSTSEC-2021-0052.md
2021-04-13 14:10:09 -07:00

[advisory]
id = "RUSTSEC-2021-0052"
package = "id-map"
aliases = [
    "CVE-2021-30455",
    "CVE-2021-30456",
    "CVE-2021-30457",
]
date = "2021-02-26"
url = "https://github.com/andrewhickman/id-map/issues/3"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free"]

[versions]
patched = []

Multiple functions can cause double-frees

The following functions in the crate are affected:

IdMap::clone_from

The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call panics, then the aforementioned dropped elements can be freed again.

get_or_insert

get_or_insert reserves space for a value before calling the user-provided insertion function f. If the function f panics, then uninitialized or previously freed memory can be dropped.

remove_set

When removing a set of elements, ptr::drop_in_place is called on each of the elements to be removed. If the Drop impl of one of these elements panics, then the previously dropped elements can be dropped again.
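
One panic-safe ordering for the remove_set and clone_from patterns described above, as an added example (not code from id-map or from the advisory): the hypothetical Slots type marks a slot vacant before running the destructor, so a panicking Drop can never leave an already-dropped value marked live. The Noisy type and its panic are constructed for the demonstration.

```rust
use std::mem::{replace, MaybeUninit};
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};

// Hypothetical miniature of an id-keyed map: live[i] says whether vals[i] is initialized.
pub struct Slots<T> { live: Vec<bool>, vals: Vec<MaybeUninit<T>> }

impl<T> Slots<T> {
    pub fn new() -> Self { Slots { live: Vec::new(), vals: Vec::new() } }
    pub fn push(&mut self, v: T) { self.vals.push(MaybeUninit::new(v)); self.live.push(true); }

    // Clear the occupancy flag *before* dropping. With the opposite order
    // (drop every value, update bookkeeping afterwards), a panic in one Drop
    // unwinds past the bookkeeping and the container's own Drop then frees
    // the already-dropped values a second time.
    pub fn remove_all(&mut self) {
        for i in 0..self.vals.len() {
            if replace(&mut self.live[i], false) {
                // SAFETY: the flag was true, so the slot is initialized, and it
                // is already marked vacant, so no later path can drop it again.
                unsafe { self.vals[i].assume_init_drop() };
            }
        }
    }
}

impl<T> Drop for Slots<T> { fn drop(&mut self) { self.remove_all(); } }

// Constructed test type: counts destructor runs; the value with id 1 panics in Drop.
static DROPS: AtomicUsize = AtomicUsize::new(0);
struct Noisy(u32);
impl Drop for Noisy {
    fn drop(&mut self) {
        DROPS.fetch_add(1, Ordering::SeqCst);
        if self.0 == 1 { panic!("constructed panic in Drop"); }
    }
}

// Removes three values while one destructor panics, then drops the container.
pub fn drops_after_panicking_removal() -> usize {
    DROPS.store(0, Ordering::SeqCst);
    let mut s = Slots::new();
    for id in 0..3 { s.push(Noisy(id)); }
    let r = catch_unwind(AssertUnwindSafe(|| s.remove_all()));
    assert!(r.is_err()); // the panic from Noisy(1) propagated out of remove_all
    drop(s); // container Drop only touches the slot still marked live
    DROPS.load(Ordering::SeqCst) // one destructor run per value, none repeated
}

fn main() { println!("destructor runs: {}", drops_after_panicking_removal()); }
```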