rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/vec-const/RUSTSEC-2021-0082.md
Dirkjan Ochtman 15bad38b93 Set expect-deleted flag for rustdecimal and vec-const
2025-12-17 18:06:41 +01:00

722 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2021-0082"
package = "vec-const"
date = "2021-08-14"
url = "https://github.com/Eolu/vec-const/issues/1#issuecomment-898908241"
categories = ["memory-corruption"]
keywords = ["memory-safety"]
informational = "unsound"
aliases = ["CVE-2021-45680", "GHSA-jmwx-r3gq-qq3p", "GHSA-x76r-966h-5qv9"]
expect-deleted = true

[versions]
patched = [">= 2.0.0"]

vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator.

The implementation was later changed to just construct a std::borrow::Cow.