{"id":"RUSTSEC-2021-0028","summary":"Multiple memory safety issues in insert_row","details":"When inserting rows from an iterator at a particular index, `toodee` would shift\nitems over, duplicating their ownership. The space reserved for the new elements\nwas based on the `len()` returned by the `ExactSizeIterator`.\n\nThis could result in elements in the array being freed twice if the iterator\npanics. Uninitialized or previously freed elements could also be exposed if the\n`len()` didn't match the number of elements.\n\nThese issues were fixed in commit `ced70c17` by temporarily setting the length\nof the array smaller while processing it and adding assertions on the number\nof elements returned by the iterator.","aliases":["CVE-2021-28028","CVE-2021-28029","GHSA-wcvp-r8j8-47pc","GHSA-xm9m-2vj8-fmfr"],"modified":"2023-11-08T04:05:27.607591Z","published":"2021-02-19T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/toodee"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0028.html"},{"type":"REPORT","url":"https://github.com/antonmarsden/toodee/issues/13"}],"affected":[{"package":{"name":"toodee","ecosystem":"crates.io","purl":"pkg:cargo/toodee"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.3.0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":["toodee::TooDee::insert_row"],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"informational":null,"categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0028.json"}}],"schema_version":"1.7.3"}