rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
8c05fea5fa6e1776c015b855eebaa344d00e28a7
advisory-db/crates/endian_trait/RUSTSEC-2021-0039.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

738 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0039"
package = "endian_trait"
aliases = ["CVE-2021-29929"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
date = "2021-01-04"
url = "https://gitlab.com/myrrlyn/endian_trait/-/issues/1"
categories = ["memory-corruption"]

[versions]
patched = []

panic in user-provided Endian impl triggers double drop of T

Affected versions of the crate does not guard against panic from user-provided impl of Endian trait, which is a safe trait that users can implement. If a user-provided implementation of the Endian trait panics, double-drop is triggered due to the duplicated ownership of T created by ptr::read().

Double-drop (or double free) can cause memory corruption in the heap.