CVE-2021-26954: insert_slice_clone can double drop if Clone panics.
Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. While ownership of the shifted elements is temporarily duplicated by that copy, the function calls the clone method of a user-provided element.
If that clone call panics, the unwind drops the vector with the duplicated elements still counted in its length, so an element can be double-freed.
Commit 20cb73d fixed this issue by calling set_len(0) before operating on the vector, so that a panic during the insert leaks the elements instead of dropping them.
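As an added illustration of the fix described above (example code, not the affected crate's own), here is a hardened insert_slice_clone in Rust with the set_len(0) guard, plus a constructed element type whose Clone panics for one id, showing that the panic leaves the vector empty (elements leaked) rather than double-dropped; all names are assumed.

```rust
use std::cell::RefCell;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;
/// Insert clones of `slice` into `vec` at `index`, shifting the tail right.
/// Hardened form: `set_len(0)` before the raw copy means a panic inside a
/// user `Clone` leaks elements instead of double-dropping the duplicated tail.
pub fn insert_slice_clone<T: Clone>(vec: &mut Vec<T>, index: usize, slice: &[T]) {
    let old_len = vec.len();
    assert!(index <= old_len, "insert index out of bounds");
    let n = slice.len();
    vec.reserve(n);
    unsafe {
        // Panic guard: at len 0 the Vec's Drop touches no elements, so an
        // unwind through this block frees only the buffer.
        vec.set_len(0);
        let base = vec.as_mut_ptr();
        // The tail now exists twice: at [index..old_len] and shifted right by n.
        ptr::copy(base.add(index), base.add(index + n), old_len - index);
        for (i, item) in slice.iter().enumerate() {
            // A panicking clone unwinds from here with len still 0: no double drop.
            ptr::write(base.add(index + i), item.clone());
        }
        vec.set_len(old_len + n);
    }
}
thread_local! { static DROPS: RefCell<Vec<u32>> = RefCell::new(Vec::new()); }
/// Constructed test element: logs its id on drop; cloning id 99 panics.
pub struct Tracked(pub u32);
impl Clone for Tracked {
    fn clone(&self) -> Self { assert!(self.0 != 99, "clone of 99 fails"); Tracked(self.0) }
}
impl Drop for Tracked {
    fn drop(&mut self) { DROPS.with(|d| d.borrow_mut().push(self.0)); }
}
/// Normal insert: returns the ids of the resulting vector.
pub fn successful_insert() -> Vec<u32> {
    let mut v = vec![Tracked(1), Tracked(2), Tracked(3)];
    insert_slice_clone(&mut v, 1, &[Tracked(10), Tracked(20)]);
    v.iter().map(|t| t.0).collect()
}
/// Insert whose second clone panics: returns (panicked, vec len, ids dropped).
pub fn panicking_insert() -> (bool, usize, Vec<u32>) {
    DROPS.with(|d| d.borrow_mut().clear());
    let mut v = vec![Tracked(1), Tracked(2), Tracked(3)];
    let extra = [Tracked(10), Tracked(99)];
    let r = catch_unwind(AssertUnwindSafe(|| insert_slice_clone(&mut v, 1, &extra)));
    (r.is_err(), v.len(), DROPS.with(|d| d.borrow().clone()))
}
```

With the guard, the failed insert reports no ids dropped at all: the original elements and the one successful clone are leaked in the buffer, which is the trade-off the fix makes to rule out the double free.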