PT-2021-18732 · Id-Map · Id-Map

Published 2021-02-26 · Updated 2021-08-25 · CVE-2021-30455

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: id-map crate through 2021-02-26 for Rust
Description: The issue is a double free in the id-map crate. In `IdMap::clone_from`, a panic inside a `.clone()` call causes previously dropped elements to be freed again. The `get_or_insert` function can also double free: if the user-provided insertion function `f` panics, uninitialized or previously freed memory is dropped. The `remove_set` function is affected as well: a panic in an element's `Drop` implementation can cause previously dropped elements to be dropped again.
Recommendations: For the id-map crate through 2021-02-26, consider avoiding the `IdMap::clone_from`, `get_or_insert`, and `remove_set` functions until a patch is available. As a temporary workaround, consider implementing custom error handling to prevent panics in the user-provided insertion function `f` and in the `Drop` implementation of elements. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
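The Drop-panic case from the description, as an added Rust example (not code from the id-map crate or from this advisory): a simplified slot container that marks a slot vacant before running the element's destructor, so a panic in `Drop` cannot lead to the same element being freed twice. `Slots`, `Noisy` and `drop_counts_after_panicking_clear` are hypothetical names, and the three elements are constructed test data.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::{cell::Cell, mem::MaybeUninit, rc::Rc};

// Hypothetical slot container: a simplified model, not the id-map source.
struct Slots<T> {
    live: Vec<bool>, // live[i] == true means data[i] holds an initialized T
    data: Vec<MaybeUninit<T>>,
}

impl<T> Slots<T> {
    fn from_vec(items: Vec<T>) -> Self {
        let live = vec![true; items.len()];
        Slots { live, data: items.into_iter().map(MaybeUninit::new).collect() }
    }
    // Mark the slot vacant BEFORE running the destructor. The unsound order
    // (drop first, clear the flag afterwards) leaves live[i] == true when
    // T::drop panics, so the container's Drop frees the element again.
    fn clear(&mut self) {
        for i in 0..self.data.len() {
            if std::mem::replace(&mut self.live[i], false) {
                unsafe { std::ptr::drop_in_place(self.data[i].as_mut_ptr()) };
            }
        }
    }
}

impl<T> Drop for Slots<T> {
    fn drop(&mut self) { self.clear(); }
}

// Constructed element: counts its own drops; element 1 panics in Drop.
struct Noisy { id: usize, drops: Rc<[Cell<usize>; 3]> }

impl Drop for Noisy {
    fn drop(&mut self) {
        self.drops[self.id].set(self.drops[self.id].get() + 1);
        if self.id == 1 { panic!("constructed panic in Drop"); }
    }
}

// Returns how many times each of the three elements was dropped.
fn drop_counts_after_panicking_clear() -> [usize; 3] {
    let drops = Rc::new([Cell::new(0usize), Cell::new(0), Cell::new(0)]);
    let items = (0..3).map(|id| Noisy { id, drops: drops.clone() }).collect::<Vec<_>>();
    let mut slots = Slots::from_vec(items);
    let _ = catch_unwind(AssertUnwindSafe(|| slots.clear())); // unwinds at element 1
    drop(slots); // Drop runs clear() again; only still-live slots are touched
    [drops[0].get(), drops[1].get(), drops[2].get()]
}

fn main() { println!("{:?}", drop_counts_after_panicking_clear()); }
```

Each element is dropped exactly once even though the first `clear()` unwinds partway through; the element after the panicking one is released later by the container's own `Drop`.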

Double Free


Weakness Enumeration

Related Identifiers

CVE-2021-30455
GHSA-8GMX-CPCG-F8H5
GHSA-RCCQ-J2M7-8FWR
GHSA-VFQX-HV88-F9CV
RUSTSEC-2021-0052

Affected Products

Id-Map