PT-2019-14535 · Rust · Compact Arena Crate
Cad97 · Published 2019-05-21 · Updated 2021-08-25
CVE-2019-16139
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
compact arena crate versions prior to 0.4.0
Description
An issue in the compact arena crate for Rust involves the mishandling of generativity, leading to potential out-of-bounds writes or reads. The affected versions did not properly implement generativity because invariant lifetimes were not necessarily dropped. This allows an attacker to mix up two arenas, using indices created from one arena with another, potentially leading to out-of-bounds read or write access into the memory reserved for the arena.
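The generativity idea in the description, as an added sketch (not the crate's code and not its 0.4.0 fix): each arena gets a unique invariant lifetime "brand", so an index from one arena fails to type-check against another. The names `Brand`, `Arena`, `Idx` and `with_arena` are assumptions made for illustration, and the brand is produced with a closure-based pattern.

```rust
use std::marker::PhantomData;

// `fn(&'id ()) -> &'id ()` makes 'id invariant: the compiler may neither
// shrink nor grow it, so two distinct brands can never be unified.
type Brand<'id> = PhantomData<fn(&'id ()) -> &'id ()>;

pub struct Arena<'id, T> { items: Vec<T>, _brand: Brand<'id> }
#[derive(Clone, Copy)]
pub struct Idx<'id> { i: usize, _brand: Brand<'id> }

impl<'id, T> Arena<'id, T> {
    pub fn add(&mut self, v: T) -> Idx<'id> {
        self.items.push(v);
        Idx { i: self.items.len() - 1, _brand: PhantomData }
    }
    // The brand is the proof that `idx` was issued by this arena. This
    // sketch still bounds-checks; an arena that skips the check depends
    // entirely on the brand being sound.
    pub fn get(&self, idx: Idx<'id>) -> &T { &self.items[idx.i] }
}

// `for<'id>` hands every call a fresh brand that cannot escape the closure.
pub fn with_arena<T, R, F>(f: F) -> R
where F: for<'id> FnOnce(Arena<'id, T>) -> R {
    f(Arena { items: Vec::new(), _brand: PhantomData })
}

// Branded: each index is only accepted by the arena that created it.
pub fn branded_lookup() -> (u32, u32) {
    with_arena::<u32, _, _>(|mut small| {
        with_arena::<u32, _, _>(|mut large| {
            let a = small.add(1);
            large.add(10);
            let b = large.add(20);
            // small.get(b); // compile error: `b` carries `large`'s brand
            (*small.get(a), *large.get(b))
        })
    })
}

// Unbranded contrast: a bare usize from the larger store is accepted by
// the smaller one, and only the runtime bounds check rejects it.
pub fn unbranded_mixup() -> Option<u32> {
    let (small, large) = (vec![1u32], vec![10u32, 20]);
    let from_large = large.len() - 1; // index 1, valid only for `large`
    small.get(from_large).copied() // None: out of range for `small`
}

fn main() { println!("{:?} {:?}", branded_lookup(), unbranded_mixup()); }
```

Uncommenting the `small.get(b)` line makes the build fail, which is the guarantee a sound brand has to provide.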
Recommendations
For versions prior to 0.4.0, update to version 0.4.0 to resolve the issue, as it correctly implements generativity.
Fix
Out of bounds Read
Memory Corruption
Related identifiers
Affected products
Compact Arena Crate