OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e01a455b26ebcd61e190bee55c3f41b6194e0dc6
advisory-db/crates/through/RUSTSEC-2021-0049.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

781 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0049"
package = "through"
aliases = ["CVE-2021-29940"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
date = "2021-02-18"
url = "https://github.com/gretchenfrage/through/issues/1"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free"]

[versions]
patched = []

through and through_and causes a double free if the map function panics

through and through_and take a mutable reference as well as a mapping function to change the provided reference. They do this by calling ptr::read on the reference which duplicates ownership and then calling the mapping function.

If the mapping function panics, both the original object and the one duplicated by ptr::read get dropped, causing a double free.