CVE-2021-29940

Name of the Vulnerable Software and Affected Versions through crate versions prior to 2021-02-18

Description The issue arises from the through and through and functions, which take a mutable reference and a mapping function. These functions duplicate ownership by calling ptr::read on the reference, and then call the mapping function. If the mapping function panics, both the original object and the duplicated object are dropped, resulting in a double free.

Recommendations For versions prior to 2021-02-18, consider restricting the use of the through and through and functions until a patch is available. As a temporary workaround, avoid using these functions with mapping functions that may panic. At the moment, there is no information about a newer version that contains a fix for this vulnerability.