Smallvec · Smallvec · CVE-2021-25900
**Name of the Vulnerable Software and Affected Versions**
smallvec versions 0.6.13 and earlier
smallvec versions 1.x prior to 1.6.1
**Description**
A heap-based buffer overflow issue exists due to a bug in the `SmallVec::insert_many` method. This method allocated a buffer that was smaller than needed and then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. The bug was triggered when the iterator passed to `insert_many` yielded more items than the lower bound returned from its `size_hint` method.
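The trigger condition described above, as an added example that is not smallvec's code: `UnderReporting` and `insert_many_checked` are hypothetical names, and the routine works on a plain `Vec` in safe Rust. The iterator's lower bound is valid yet smaller than the number of items it yields, and the insert routine uses the hint only to pre-size the buffer.

```rust
// Added example; names are hypothetical and this is not smallvec's code.
// An iterator whose size_hint lower bound is valid but below the real count.
struct UnderReporting {
    next: u32,
    end: u32,
}

impl Iterator for UnderReporting {
    type Item = u32;

    fn next(&mut self) -> Option<u32> {
        if self.next >= self.end {
            return None;
        }
        self.next += 1;
        Some(self.next - 1)
    }

    // Reports "at least 1" while items remain: a correct lower bound.
    fn size_hint(&self) -> (usize, Option<usize>) {
        (((self.end - self.next) as usize).min(1), None)
    }
}

// Inserts every item at `index`; returns (items inserted, hinted lower bound).
fn insert_many_checked<T, I>(v: &mut Vec<T>, index: usize, iterable: I) -> (usize, usize)
where
    I: IntoIterator<Item = T>,
{
    assert!(index <= v.len(), "insert index out of bounds");
    let iter = iterable.into_iter();
    let (lower, _) = iter.size_hint();
    v.reserve(lower); // the hint only pre-sizes the buffer
    let tail = v.split_off(index); // move the suffix out of the way
    let before = v.len();
    v.extend(iter); // grows as needed for items beyond the hint
    let inserted = v.len() - before;
    v.extend(tail); // put the suffix back after the new items
    (inserted, lower)
}

fn main() {
    let mut v = vec![10, 20, 30];
    let (inserted, lower) = insert_many_checked(&mut v, 1, UnderReporting { next: 0, end: 5 });
    println!("hinted >= {}, inserted {}: {:?}", lower, inserted, v);
}
```

Any code that sizes a raw buffer from `size_hint` needs the same property: the count of items actually written, not the hint, decides how much space is required.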
**Recommendations**
For smallvec versions 0.6.13 and earlier, update to version 0.6.14 or later.
For smallvec versions 1.x prior to 1.6.1, update to version 1.6.1 or later.
As a temporary workaround, consider restricting the use of the `SmallVec::insert_many` method until a patch is available.