Описание
move_elements can double-free objects on panic
Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding.
The flaw was fixed in commit 891561bea by removing the unsafe block and using a plain iterator.
Пакеты
Наименование
scratchpad
rust
Затронутые версииВерсия исправления
< 1.3.1
1.3.1
Связанные уязвимости
CVSS3: 9.8
nvd
почти 5 лет назад
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.