logo

Database

Inappropriate coding practices In algorithmica

Description

Double free in algorithmica An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, merge_sort::merge() wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking merge_sort::merge() on Vec<T: Drop> can cause double free bugs.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-319962. NVD-2021-319963. OSV-2021-319964. GCVE-2021-31996

References

1. https://github.com/AbrarNitk/algorithmica/issues/12. https://rustsec.org/advisories/RUSTSEC-2021-0053.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.