PT-2021-18733 · Id-Map · Id-Map

Published: 2021-02-26 · Updated: 2021-08-25 · CVE-2021-30456

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

id-map crate through 2021-02-26 for Rust

Description

A double free can occur in the id-map crate when user-provided functions panic. Specifically, the IdMap::clone_from, get_or_insert, and remove_set functions are affected. In clone_from, if a .clone() call panics, previously dropped elements can be freed again. In get_or_insert, if the user-provided insertion function f panics, uninitialized or previously freed memory can be dropped. In remove_set, if the Drop implementation of an element panics, previously dropped elements can be dropped again.

Recommendations

For the id-map crate through 2021-02-26, consider updating to a version released after 2021-02-26 to mitigate the risk of double free issues. As a temporary workaround, consider implementing custom error handling for the IdMap::clone_from, get_or_insert, and remove_set functions to prevent panics from occurring. Restrict the use of user-provided functions in get_or_insert to minimize the risk of exploitation. Avoid using the remove_set function with elements that have a Drop implementation that may panic.
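The ordering that avoids the get_or_insert and remove_set failure modes described above, as an added Rust example (not the id-map crate's code): the `Slots` type, its fields and its method names are hypothetical and chosen for illustration. It marks a slot live only after the user closure has returned, and clears the mark before running an element's destructor.

```rust
use std::mem::MaybeUninit;

// Hypothetical slot container, NOT id-map's code: live[i] records whether
// vals[i] holds an initialized T.
pub struct Slots<T> {
    live: Vec<bool>,
    vals: Vec<MaybeUninit<T>>,
}

impl<T> Slots<T> {
    pub fn new(n: usize) -> Self {
        Slots { live: vec![false; n], vals: (0..n).map(|_| MaybeUninit::uninit()).collect() }
    }

    pub fn live_count(&self) -> usize {
        self.live.iter().filter(|&&b| b).count()
    }

    // User code `f` runs before any bookkeeping changes. If it panics, the
    // slot is still marked empty, so no uninitialized memory is ever dropped.
    pub fn get_or_insert_with(&mut self, i: usize, f: impl FnOnce() -> T) -> &mut T {
        if !self.live[i] {
            let v = f();
            self.vals[i].write(v);
            self.live[i] = true; // publish only after the value is written
        }
        // SAFETY: live[i] is true only for initialized slots.
        unsafe { self.vals[i].assume_init_mut() }
    }

    // Clear the flag first, then run T's destructor. If that destructor
    // panics, the slot is already marked empty and cannot be dropped again.
    pub fn remove_all(&mut self) {
        for i in 0..self.live.len() {
            if std::mem::replace(&mut self.live[i], false) {
                // SAFETY: the flag was true, so vals[i] is initialized.
                unsafe { self.vals[i].assume_init_drop() };
            }
        }
    }
}

impl<T> Drop for Slots<T> {
    fn drop(&mut self) { self.remove_all(); }
}

fn main() {
    let mut s = Slots::new(2);
    s.get_or_insert_with(0, || String::from("a"));
    println!("live slots: {}", s.live_count());
}
```

Elements that were not yet visited when a destructor panics stay marked live, so the container's own `Drop` releases them exactly once afterwards.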

Fix

Double Free


Weakness Enumeration

Related Identifiers

CVE-2021-30456
GHSA-8GMX-CPCG-F8H5
GHSA-RCCQ-J2M7-8FWR
GHSA-VFQX-HV88-F9CV
RUSTSEC-2021-0052

Affected Products

Id-Map