rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/id-map/RUSTSEC-2021-0052.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

1.1 KiB
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2021-0052"
package = "id-map"
aliases = ["CVE-2021-30455", "CVE-2021-30456", "CVE-2021-30457", "GHSA-8gmx-cpcg-f8h5", "GHSA-rccq-j2m7-8fwr", "GHSA-vfqx-hv88-f9cv"]
date = "2021-02-26"
url = "https://github.com/andrewhickman/id-map/issues/3"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free"]

[versions]
patched = []

Multiple functions can cause double-frees

The following functions in the crate are affected:

IdMap::clone_from

The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again.

get_or_insert

get_or_insert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped.

remove_set

When removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.