{"id":"GHSA-8gmx-cpcg-f8h5","summary":"Double-free in id-map","details":"The clone_from implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone() call pancics, then the afformentioned dropped elements can be freed again.\nget_or_insert\n\nget_or_insert reserves space for a value, before calling the user provided insertion function f. If the function f panics then uninitialized or previously freed memory can be dropped.\nremove_set\n\nWhen removing a set of elements, ptr::drop_in_place is called on each of the element to be removed. If the Drop impl of one of these elements panics then the previously dropped elements can be dropped again.","aliases":["CVE-2021-30455","CVE-2021-30456","CVE-2021-30457","GHSA-rccq-j2m7-8fwr","GHSA-vfqx-hv88-f9cv","RUSTSEC-2021-0052"],"modified":"2024-03-15T00:05:24.656544Z","published":"2021-08-25T20:55:11Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2021-08-19T17:04:17Z","nvd_published_at":null,"severity":"CRITICAL","cwe_ids":["CWE-415"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30455"},{"type":"WEB","url":"https://github.com/andrewhickman/id-map/issues/3"},{"type":"PACKAGE","url":"https://github.com/andrewhickman/id-map"},{"type":"WEB","url":"https://rustsec.org/advisories/RUSTSEC-2021-0052.html"}],"affected":[{"package":{"name":"id-map","ecosystem":"crates.io","purl":"pkg:cargo/id-map"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"last_affected":"0.2.1"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-8gmx-cpcg-f8h5/GHSA-8gmx-cpcg-f8h5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}