CVE-2019-15551

Name of the Vulnerable Software and Affected Versions smallvec crate versions prior to 0.6.10

Description An issue in the smallvec crate allows for a double free when attempting to call grow on a spilled SmallVec with a value equal to the current capacity, potentially leading to use-after-free on subsequent accesses to the SmallVec contents. An attacker controlling the value passed to grow may exploit this to obtain memory contents or gain remote code execution.

Recommendations For versions prior to 0.6.10, update to version 0.6.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of the grow function on spilled SmallVec instances to minimize the risk of exploitation.