Bug 1184748 (CVE-2021-31162) - VUL-0: CVE-2021-31162: rust: double free can occur in the Vec:from_iter function if freeing the element panics
Summary: VUL-0: CVE-2021-31162: rust: double free can occur in the Vec:from_iter funct...
Status: RESOLVED FIXED
Alias: CVE-2021-31162
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: William Brown
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/282010/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-31162:8.1:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-14 14:46 UTC by Robert Frohl
Modified: 2022-01-21 12:59 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-04-14 14:46:54 UTC 
CVE-2021-31162

In the standard library in Rust before 1.53.0, a double free can occur in the
Vec::from_iter function if freeing the element panics.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162
https://github.com/rust-lang/rust/issues/83618
https://github.com/rust-lang/rust/pull/83629
Comment 1 Robert Frohl 2021-04-14 15:12:49 UTC 
was maybe introduced with 1.48.0, need to have a closer look to be sure
Comment 2 Federico Mena Quintero 2021-06-10 01:38:44 UTC 
Indeed there is a double-free bug, but it happens during panicking.  The process will abort shortly due to the panic.  I don't think this is super critical.
Comment 3 Robert Frohl 2022-01-21 12:59:28 UTC 
Does not affect any supported version anymore. Updated tracking. Closing