CVE-2019-15554

Name of the Vulnerable Software and Affected Versions smallvec crate versions prior to 0.6.10

Description The issue is related to memory corruption that occurs when attempting to call grow on a spilled SmallVec with a value less than the current capacity. This can cause corruption of memory allocator data structures. An attacker controlling the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution.

Recommendations For versions prior to 0.6.10, update to version 0.6.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the grow function on spilled SmallVec instances with values less than the current capacity until a patch is applied.