CVE-2021-29929

Name of the Vulnerable Software and Affected Versions endian trait crate through 2021-01-04

Description The issue arises when a user-provided implementation of the Endian trait panics, triggering a double-drop due to duplicated ownership of T created by ptr::read(). This double-drop can cause memory corruption in the heap.

Recommendations For versions of the endian trait crate through 2021-01-04, consider restricting the use of user-provided Endian trait implementations until a patch is available to prevent panic-induced double-drop issues. As a temporary workaround, ensure that all user-provided implementations of the Endian trait are thoroughly tested to prevent panics. At the moment, there is no information about a newer version that contains a fix for this vulnerability.