CVE-2021-28032

Name of the Vulnerable Software and Affected Versions: nano arena crate versions prior to 0.5.2

Description: An issue was discovered in the nano arena crate, where an aliasing violation occurs in the split at function. This happens because two mutable references can exist for the same element if Borrow<Idx> behaves in certain ways, leading to potential memory safety issues such as out-of-bounds writes or use-after-frees.

Recommendations: For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider modifying the split at function to store the .borrow() value in a temporary variable, similar to the correction made in commit 6b83f9d.