CVE-2021-29938: Double free in slice-deque

August 25, 2021 (updated March 30, 2023)

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.

References

github.com/advisories/GHSA-p9gf-gmfv-398m
github.com/gnzlbg/slice_deque
github.com/gnzlbg/slice_deque/issues/90
nvd.nist.gov/vuln/detail/CVE-2021-29938
rustsec.org/advisories/RUSTSEC-2021-0047.html

Detect and mitigate CVE-2021-29938 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →