{"id":"RUSTSEC-2021-0033","summary":"push_cloned can drop uninitialized memory or double free on panic","details":"Affected versions of `stack_dst` used a `push_inner` function that increased\nthe internal length of the array and then called `val.clone()`.\n\nIf the `val.clone()` call panics, the stack could drop an already dropped\nelement or drop uninitialized memory.\n\nThis issue was fixed in `2a4d538` by increasing the length of the array after\nelements are cloned.","aliases":["CVE-2021-28034","CVE-2021-28035","GHSA-45w7-7g63-2m5w","GHSA-8mjx-h23h-w2pg"],"modified":"2023-11-08T04:05:27.911039Z","published":"2021-02-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/stack_dst"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0033.html"},{"type":"REPORT","url":"https://github.com/thepowersgang/stack_dst-rs/issues/5"}],"affected":[{"package":{"name":"stack_dst","ecosystem":"crates.io","purl":"pkg:cargo/stack_dst"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.6.1"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":["stack_dst::StackA::push_cloned"]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0033.json","cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","categories":["memory-corruption"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}