PT-2018-15488 · Rust · Slice-Deque

Published: 2018-12-05 · Updated: 2021-08-25 · CVE-2018-20995

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: slice-deque crate versions prior to 0.1.16

Description: An issue in the slice-deque crate allows memory corruption due to mishandled deque updates. Specifically, when the tail of the deque is in the mirrored memory region before insertion or removal and the head is exactly at the beginning of the mirrored memory region after the operation, the deque's head and tail are not properly updated. This can lead to a corrupted state where an attacker could exploit the issue to alter program execution by causing partial reads and writes, reading uninitialized memory, or accessing memory containing previously dropped objects.

Recommendations: For versions prior to 0.1.16, update to version 0.1.16 or later to properly update the head and tail of the deque and prevent memory corruption.
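
One way to check a project against this recommendation, as an added example that is not part of the original advisory or of the slice-deque project: the Rust program below scans Cargo.lock text for locked slice-deque versions older than 0.1.16. The function names and the sample lockfile are constructed for illustration.

```rust
// Added example: report locked slice-deque versions older than 0.1.16.
const FIXED: (u64, u64, u64) = (0, 1, 16); // first fixed release per the advisory
// Constructed sample lockfile contents (not taken from a real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "libc"
version = "0.2.43"

[[package]]
name = "slice-deque"
version = "0.1.15"

[[package]]
name = "slice-deque"
version = "0.1.16"
"#;

/// Parse a plain "major.minor.patch" string; anything else yields None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let parsed = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(parsed) }
}

/// Extract the value from a `key = "value"` line, if the line has that key.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Locked slice-deque versions below 0.1.16; unparsable ones are reported too.
fn vulnerable_versions(lockfile: &str) -> Vec<String> {
    let (mut found, mut in_target) = (Vec::new(), false);
    for line in lockfile.lines() {
        if let Some(name) = quoted_value(line, "name") {
            in_target = name == "slice-deque";
        } else if let Some(ver) = quoted_value(line, "version") {
            let fixed = parse_version(ver).map_or(false, |v| v >= FIXED);
            if in_target && !fixed {
                found.push(ver.to_string());
            }
        }
    }
    found
}

fn main() {
    println!("vulnerable slice-deque versions: {:?}", vulnerable_versions(SAMPLE_LOCK));
}
```

Versions are compared numerically, so 0.1.9 is reported while 0.2.0 is not.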

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-20995
GHSA-HR3C-6MMP-6M39
RUSTSEC-2018-0008

Affected Products

Slice-Deque