CVE-2021-28028

Name of the Vulnerable Software and Affected Versions: toodee versions prior to 0.3.0

Description: An issue in the toodee crate for Rust can cause a double free upon an iterator panic when inserting rows from an iterator at a particular index. This happens because toodee shifts items over, duplicating their ownership, and the space reserved for new elements is based on the len() returned by the ExactSizeIterator. If the iterator panics, elements in the array can be freed twice. Additionally, uninitialized or previously freed elements can be exposed if the len() does not match the number of elements.

Recommendations: For versions prior to 0.3.0, update to version 0.3.0 or later to fix the issue. As a temporary workaround, consider adding assertions on the number of elements returned by the iterator to prevent potential double free errors. Restrict the use of the row-insertion feature until the update is applied to minimize the risk of exploitation.