CVE-2021-28031

Name of the Vulnerable Software and Affected Versions: scratchpad versions prior to 1.3.1

Description: An issue was discovered in the scratchpad crate for Rust. The move elements function can have a double-free upon a panic in a user-provided f function. This occurs because affected versions of scratchpad used ptr::read to read elements while calling a user-provided function f on them, duplicating ownership. If a panic happens inside the user-provided f function, it could cause a double free when unwinding.

Recommendations: For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the move elements function with user-provided functions that may panic, until a patch is applied.