CVE-2021-29939

Name of the Vulnerable Software and Affected Versions stackvector crate through 2021-02-19

Description The issue is related to an out-of-bounds write in StackVec::extend when size hint provides certain anomalous data. Specifically, if the size hint implementation returns a lower bound that is larger than the upper bound, StackVec will write out of bounds and overwrite memory on the stack. According to the size hint documentation, it is mainly used for optimization, and incorrect implementations should not lead to memory safety issues.

Recommendations For the stackvector crate through 2021-02-19, consider avoiding the use of StackVec::extend with iterators that may provide anomalous size hint data until a fix is available. As a temporary workaround, review and correct any custom size hint implementations to ensure they do not return a lower bound larger than the upper bound. At the moment, there is no information about a newer version that contains a fix for this issue.