CVE-2021-29938

HIGH7.5EPSS 0.39%

SliceDeque::drain_filter can double drop an element if the predicate panics

發布日:2021/8/25修改日:2023/11/8

也稱為:GHSA-p9gf-gmfv-398mRUSTSEC-2021-0047

描述

Affected versions of the crate incremented the current index of the drain filter iterator *before* calling the predicate function `self.pred`. If the predicate function panics, it is possible for the last element in the iterator to be dropped twice.

受影響套件(2)

crates.io/slice-dequefrom 0, <= 0.3.0
crates.io/slice-deque>= 0.0.0-0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-29938
PATCHhttps://crates.io/crates/slice-deque
PATCHhttps://github.com/gnzlbg/slice_deque
WEBhttps://github.com/gnzlbg/slice_deque/issues/90
WEBhttps://rustsec.org/advisories/RUSTSEC-2021-0047.html