{"id":"RUSTSEC-2021-0049","summary":"`through` and `through_and` causes a double free if the map function panics","details":"`through` and `through_and` take a mutable reference as well as a mapping\nfunction to change the provided reference. They do this by calling `ptr::read`\non the reference which duplicates ownership and then calling the mapping\nfunction.\n\nIf the mapping function panics, both the original object and the one\nduplicated by `ptr::read` get dropped, causing a double free.","aliases":["CVE-2021-29940","GHSA-5hpj-m323-cphm"],"modified":"2023-11-08T04:05:44.127003Z","published":"2021-02-18T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/through"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0049.html"},{"type":"REPORT","url":"https://github.com/gretchenfrage/through/issues/1"}],"affected":[{"package":{"name":"through","ecosystem":"crates.io","purl":"pkg:cargo/through"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"arch":[],"os":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0049.json","categories":["memory-corruption"],"informational":null,"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}