PT-2021-18734 · Id-Map · Id-Map
Published: 2021-02-26 · Updated: 2021-08-25 · CVE-2021-30457
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
id-map crate through 2021-02-26 for Rust
Description
A double free can occur in the id-map crate due to a panic in a Drop impl. Specifically, this issue affects the IdMap::clone_from, get_or_insert, and remove_set functions. In clone_from, if a .clone() call panics, previously dropped elements can be freed again. In get_or_insert, if the user-provided insertion function f panics, uninitialized or previously freed memory can be dropped. In remove_set, if the Drop impl of an element panics, previously dropped elements can be dropped again.
Recommendations
For the id-map crate through 2021-02-26, consider avoiding the IdMap::clone_from, get_or_insert, and remove_set functions until a patch is available. As a temporary workaround, consider implementing custom error handling to prevent panics in the Drop impl and user-provided insertion functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Double Free
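The panic-safe ordering that avoids this class of bug, as an added example that is not the id-map crate's code: the closure runs before the slot is marked live, and the live flag is cleared before the element's Drop runs. Slots, Counted and drops_after_panics are hypothetical names, and the scenario is constructed.

```rust
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
// Hypothetical 8-slot map (not id-map's code): bit i of `live` says slot i holds a value.
pub struct Slots<T> { live: u8, vals: [MaybeUninit<T>; 8] }
impl<T> Slots<T> {
    pub fn new() -> Self {
        Slots { live: 0, vals: std::array::from_fn(|_| MaybeUninit::uninit()) }
    }
    // Run the user closure first; mark the slot live only once the value is stored.
    pub fn get_or_insert_with(&mut self, id: usize, f: impl FnOnce() -> T) -> &T {
        assert!(id < 8);
        if self.live & (1 << id) == 0 {
            let v = f(); // may panic: the slot is still marked empty
            self.vals[id].write(v);
            self.live |= 1 << id;
        }
        unsafe { self.vals[id].assume_init_ref() } // sound: live bit implies initialized
    }
    // Clear the live bit before the element's Drop runs, so a panic never leaves a dropped value live.
    pub fn clear(&mut self) {
        for id in 0..8 {
            if self.live & (1 << id) != 0 {
                self.live &= !(1 << id);
                unsafe { self.vals[id].assume_init_drop() } // may panic
            }
        }
    }
}
impl<T> Drop for Slots<T> { fn drop(&mut self) { self.clear() } }

static DROPS: AtomicUsize = AtomicUsize::new(0);
struct Counted(bool); // constructed test type; `true` means its Drop panics
impl Drop for Counted {
    fn drop(&mut self) { DROPS.fetch_add(1, SeqCst); if self.0 { panic!("drop failed") } }
}
// Constructed scenario: one insertion closure panics and one element's Drop panics.
// Returns how many destructors ran; two values were stored, so the count must be 2.
pub fn drops_after_panics() -> usize {
    DROPS.store(0, SeqCst);
    let mut m = Slots::new();
    m.get_or_insert_with(0, || Counted(true));
    m.get_or_insert_with(1, || Counted(false));
    let ins = catch_unwind(AssertUnwindSafe(|| { m.get_or_insert_with(2, || panic!("insert failed")); }));
    let clr = catch_unwind(AssertUnwindSafe(|| m.clear()));
    assert!(ins.is_err() && clr.is_err());
    drop(m); // drops slot 1 only; slot 0 was unmarked before its Drop panicked
    DROPS.load(SeqCst)
}
fn main() { println!("destructors run: {}", drops_after_panics()); }
```

Swapping the two statements inside clear, or setting the live bit before calling f, reproduces the failure modes the description lists: a count above 2 or a drop of an unwritten slot.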
Weakness Enumeration
Related Identifiers
Affected Products
Id-Map