Advisories for Cargo/Arenavec package

2025

arenavec has multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocate_or_extend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the library safely handles the returned raw pointers. These raw pointers can later be dereferenced within safe APIs of the crate-such as arenavec::common::SliceVec::push-potentially leading to arbitrary memory access. …

2021

Out of bounds write in arenavec

An issue was discovered in the arenavec crate through 0.1.1. A drop of uninitialized memory can sometimes occur upon a panic in T::default()

Double free in arenavec

Affected versions of this crate did not guard against potential panics that may happen from user-provided functions T::default() and T::drop(). Panic within T::default() leads to dropping uninitialized T, when it is invoked from common::Slice::<T, H>::new(). Panic within T::drop() leads to double drop of T, when it is invoked either from common::SliceVec::<T, H>::resize_with() or common::SliceVec::<T, H>::resize() Either case causes memory corruption in the heap memory.