CVE-2021-26954

Name of the Vulnerable Software and Affected Versions: qwutils crate versions prior to 0.3.1

Description: An issue in the qwutils crate can cause a double drop when a Clone panic occurs, specifically in the insert slice clone function. This happens because affected versions of the crate use ptr::copy when inserting into the middle of a Vec, temporarily duplicating ownership and calling the clone method of a user-provided element. If the clone call panics, it can result in an element being double-freed.

Recommendations: For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of insert slice clone when working with elements that may panic during cloning, until a patch is applied.