PT-2021-18548 · Rocket · Rocket

Published: 2021-02-09 · Updated: 2021-08-25 · CVE-2021-29935

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

rocket crate versions prior to 0.4.7

Description

The issue arises when a user-provided function panics, causing a use-after-free in uri::Formatter. A &str is transmuted to a &'static str before being pushed into a StackVec, and is popped later in the same function. If the user-provided function panics, the pop never runs, so the assumption that the reference is only held while the method's stack frame is active no longer holds, and an illegal static reference to the string remains. The freed string can then be used during or after panic unwinding, for example in a Drop implementation or through catch_unwind.

Recommendations

For versions prior to 0.4.7, update to version 0.4.7 or later to resolve the issue. As a temporary workaround, consider using a guard object to ensure that the &'static str is dropped inside the function, similar to the correction made in commit e325e2f. Until the issue is resolved, avoid using uri::Formatter with user-provided functions that may panic.
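
The push/pop pattern from the description next to the guard-object form from the recommendations, as an added example that is neither Rocket's code nor the contents of commit e325e2f. `PrefixStack`, `with_prefix_unguarded`, `with_prefix_guarded` and `depth_after_panic` are hypothetical names, a plain `Vec` stands in for the StackVec, and the sample string is constructed so that it outlives the stack and no stale entry is ever read.

```rust
use std::mem;
use std::panic::{catch_unwind, AssertUnwindSafe};

// Hypothetical, simplified model of a formatter's prefix stack (not Rocket's type).
pub struct PrefixStack { prefixes: Vec<&'static str> }

impl PrefixStack {
    pub fn depth(&self) -> usize { self.prefixes.len() }

    // 'Before' pattern: the pop is an ordinary statement, so it is skipped
    // when `f` panics and the lifetime-extended reference stays on the stack.
    pub fn with_prefix_unguarded<F: FnOnce(&mut Self)>(&mut self, prefix: &str, f: F) {
        let extended: &'static str = unsafe { mem::transmute(prefix) };
        self.prefixes.push(extended);
        f(self);
        self.prefixes.pop();
    }

    // Guarded pattern: the pop lives in Drop, which also runs during unwinding.
    pub fn with_prefix_guarded<F: FnOnce(&mut Self)>(&mut self, prefix: &str, f: F) {
        struct PopOnDrop<'a>(&'a mut PrefixStack);
        impl Drop for PopOnDrop<'_> {
            fn drop(&mut self) { self.0.prefixes.pop(); }
        }
        let extended: &'static str = unsafe { mem::transmute(prefix) };
        self.prefixes.push(extended);
        let guard = PopOnDrop(self);
        f(&mut *guard.0);
    }
}

// Returns how many entries remain after a panicking callback has been caught.
pub fn depth_after_panic(guarded: bool) -> usize {
    let name = String::from("user"); // constructed sample; declared first, so it outlives `stack`
    let mut stack = PrefixStack { prefixes: Vec::new() };
    let _ = catch_unwind(AssertUnwindSafe(|| {
        if guarded {
            stack.with_prefix_guarded(&name, |_| panic!("callback failed"));
        } else {
            stack.with_prefix_unguarded(&name, |_| panic!("callback failed"));
        }
    }));
    stack.depth()
}

fn main() {
    println!("unguarded: {}, guarded: {}", depth_after_panic(false), depth_after_panic(true));
}
```

A non-zero depth after the caught panic is the leftover entry the description refers to; the guarded form leaves none.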

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2021-29935
GHSA-VCW4-8PH6-7VW8
RUSTSEC-2021-0044

Affected Products

Rocket