CVE-2020-35891

Name of the Vulnerable Software and Affected Versions ordnung crate versions through 0.0.1 ordnung crate versions through 2020-09-03

Description The issue concerns the compact::Vec in the ordnung crate, which violates memory safety. This occurs via a remove() double free and out-of-bounds access for large capacity. The remove() function is not panic-safe and causes a double-free when an index larger than the length is provided. Additionally, it mishandles large capacity, causing out-of-bound access in 32-bit and allocator layout mismatch in 64-bit.

Recommendations For ordnung crate versions through 0.0.1, consider disabling the remove() function in compact::Vec to prevent double-free issues until a patch is available. For ordnung crate versions through 2020-09-03, restrict the use of compact::Vec with large capacities to minimize the risk of out-of-bounds access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.