Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs
The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained (RUSTSEC-2020-0158). While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork origin (RUSTSEC-2021-0047), it still retains multiple unresolved memory corruption vulnerabilities. Specifically, we have discovered four new memory safety bugs, each resulting in double-free violations that can occur when only safe APIs …