Описание
Double free in containers
Upon panic in a user-provided function f, fn mutate() & fn mutate2 drops twice a same object.
Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read().
Dropping a same object can result in memory corruption.
The flaw was corrected in version "0.9.11" by fixing the code to abort upon panic.
Пакеты
Наименование
containers
rust
Затронутые версииВерсия исправления
< 0.9.11
0.9.11
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.