We found results for “”
WS-2021-0073
Date: March 7, 2021
In the affected versions of Algorithmica crate, merge_sort::merge() wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking merge_sort::merge() on Vec<T: Drop> can cause double free vulnerability.
Language: RUST
Severity Score
Severity Score
Weakness Type (CWE)
Double Free
CWE-415CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |