PT-2018-15484 · Rust+1 · Smallvec+1

Vurich · Published 2018-07-19 · Updated 2021-08-25 · CVE-2018-20991

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
smallvec versions prior to 0.6.3

Description
An issue was discovered in the smallvec crate for Rust: the Iterator implementation mishandles destructors, potentially leading to a double free. This occurs when an iterator passed to SmallVec::insert_many panics in Iterator::next, causing destructors to run during unwinding while the vector is in an inconsistent state.

Recommendations
For versions prior to 0.6.3, update to version 0.6.3 to resolve the issue. As a temporary workaround, avoid calling SmallVec::insert_many with iterators that may panic in Iterator::next until the update is applied.
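
The failure mode described above, as an added example (not code from the smallvec crate or from this advisory): a gap-based bulk insert over a plain Vec that sets the length to index before calling the iterator, so a panic in Iterator::next leaks the shifted elements instead of dropping them twice. The insert_many function here, Tracked, PanicsOnSecond and drops_after_panic are hypothetical names, and the element ids are constructed test data.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::{ptr, sync::atomic::{AtomicUsize, Ordering::SeqCst}};

const ZERO: AtomicUsize = AtomicUsize::new(0);
static DROPS: [AtomicUsize; 8] = [ZERO; 8]; // drop count per element id (constructed)
struct Tracked(usize);
impl Drop for Tracked { fn drop(&mut self) { DROPS[self.0].fetch_add(1, SeqCst); } }

// Hypothetical stand-in for a gap-based bulk insert (not the smallvec source).
fn insert_many<T, I: Iterator<Item = T>>(v: &mut Vec<T>, index: usize, mut iter: I) {
    let old_len = v.len();
    assert!(index <= old_len);
    let gap = iter.size_hint().0; // lower bound only; the iterator may yield fewer or more
    v.reserve(gap);
    let mut filled = 0;
    unsafe {
        let p = v.as_mut_ptr().add(index);
        ptr::copy(p, p.add(gap), old_len - index); // tail bytes are now duplicated
        v.set_len(index); // guard: a panic below leaks the tail instead of dropping it twice
        while filled < gap {
            let item = match iter.next() { Some(x) => x, None => break }; // may panic
            ptr::write(p.add(filled), item);
            filled += 1;
        }
        ptr::copy(p.add(gap), p.add(filled), old_len - index); // close any unused gap
        v.set_len(old_len + filled); // length matches the initialized slots again
    }
    for (i, item) in iter.enumerate() { v.insert(index + filled + i, item); }
}

// Constructed iterator: promises two items, yields one, then panics in next().
struct PanicsOnSecond(bool);
impl Iterator for PanicsOnSecond {
    type Item = Tracked;
    fn next(&mut self) -> Option<Tracked> {
        if std::mem::replace(&mut self.0, true) { panic!("constructed panic in Iterator::next"); }
        Some(Tracked(4))
    }
    fn size_hint(&self) -> (usize, Option<usize>) { (2, None) }
}

// Returns (vector length after the panic, highest drop count seen for any element).
fn drops_after_panic() -> (usize, usize) {
    let mut v: Vec<Tracked> = (0..4).map(Tracked).collect();
    assert!(catch_unwind(AssertUnwindSafe(|| insert_many(&mut v, 1, PanicsOnSecond(false)))).is_err());
    let len = v.len();
    drop(v);
    (len, DROPS.iter().map(|d| d.load(SeqCst)).max().unwrap())
}
fn main() { println!("{:?}", drops_after_panic()); }
```

The cost of the guard is that the shifted tail and any items already written into the gap are leaked on panic, which is memory-safe.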

Fix

Double Free

Weakness Enumeration

Related Identifiers

CVE-2018-20991
GHSA-RXR4-X558-X7HW
RUSTSEC-2018-0003
SUSE-SU-2021:1310-1
SUSE-SU-2021_1310-1

Affected Products

Suse
Smallvec