PT-2019-14259 · Rust · Slice-Deque

Published: 2019-05-07 · Updated: 2021-08-25 · CVE-2019-15543

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: slice-deque crate versions prior to 0.2.0

Description: The issue is related to memory corruption in certain allocation cases. Affected versions of the crate can enter a corrupted state if the size of an element is not a multiple of the allocation granularity and a specific allocation pattern is used, allowing an attacker to corrupt the deque. This can result in undefined behavior, such as reading bytes from adjacent elements. The flaw was corrected by using a pair of pointers to track the head and tail of the deque instead of a pair of indices.

Recommendations: For versions prior to 0.2.0, update to version 0.2.0 or later, which uses a pair of pointers to track the head and tail of the deque, correcting the flaw.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-15543
GHSA-C3M3-C39Q-PV23
RUSTSEC-2019-0002

Affected Products

Slice-Deque