mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-25 04:40:44 +01:00

Files

David Marshall cd87335b46 Update RUSTSEC-2021-0049.md (#941 )

https://nvd.nist.gov/vuln/detail/CVE-2021-29940

2021-06-16 23:05:39 +02:00

727 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0049"
package = "through"
aliases = ["CVE-2021-29940"]
date = "2021-02-18"
url = "https://github.com/gretchenfrage/through/issues/1"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free"]

[versions]
patched = []

`through` and `through_and` causes a double free if the map function panics

through and through_and take a mutable reference as well as a mapping function to change the provided reference. They do this by calling ptr::read on the reference which duplicates ownership and then calling the mapping function.

If the mapping function panics, both the original object and the one duplicated by ptr::read get dropped, causing a double free.

727 B Raw Blame History

through and through_and causes a double free if the map function panics

727 B

Raw Blame History

`through` and `through_and` causes a double free if the map function panics