{"id":"RUSTSEC-2021-0030","summary":"move_elements can double-free objects on panic","details":"Affected versions of `scratchpad` used `ptr::read` to read elements while\ncalling a user provided function `f` on them.\n\nSince the pointer read duplicates ownership, a panic inside the user provided\n`f` function could cause a double free when unwinding.\n\nThe flaw was fixed in commit `891561bea` by removing the unsafe block and using\na plain iterator.","aliases":["CVE-2021-28031","GHSA-3qm2-rfqw-fmrw"],"modified":"2023-11-08T04:05:27.727053Z","published":"2021-02-18T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/scratchpad"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0030.html"},{"type":"REPORT","url":"https://github.com/okready/scratchpad/issues/1"}],"affected":[{"package":{"name":"scratchpad","ecosystem":"crates.io","purl":"pkg:cargo/scratchpad"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.3.1"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":["scratchpad::SliceMoveSource::move_elements"]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0030.json","categories":["memory-corruption"],"informational":null}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}