CVE-2020-36464: Use after free in heapless

August 25, 2021

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.

References

github.com/advisories/GHSA-qgwf-r2jj-2ccv
github.com/japaric/heapless
github.com/japaric/heapless/issues/181
nvd.nist.gov/vuln/detail/CVE-2020-36464
rustsec.org/advisories/RUSTSEC-2020-0145.html

Detect and mitigate CVE-2020-36464 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →