CVE-2018-20991 – smallvec

Package

Manager: cargo
Name: smallvec
Vulnerable Version: >=0.3.2 <0.6.3

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00425 pctl0.61399

Details

Double free in smallvec If an iterator passed to SmallVec::insert_many panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free (a destructor running on two copies of the same value). This is fixed in smallvec 0.6.3 by ensuring that the vector's length is not updated to include moved items until they have been removed from their original positions. Items may now be leaked if Iterator::next panics, but they will not be dropped more than once.

Metadata

Created: 2021-08-25T20:42:54Z
Modified: 2023-06-13T20:58:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-rxr4-x558-x7hw/GHSA-rxr4-x558-x7hw.json
CWE IDs: ["CWE-415"]
Alternative ID: GHSA-rxr4-x558-x7hw
Finding: F138
Auto approve: 1