5 matches found
endian_trait_derive (>=0.2.0 <=0.4.0) potentially affected by CVE-2021-29929 via endian_trait (>=0.2.0 <=0.3.0)
endiantrait CARGO version =0.2.0, =0.2.0, =0.4.0 Source cves: CVE-2021-29929 Source advisory: OSV:GHSA-VPW8-43WM-RXW5...
CVE-2021-29929
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics...
Rust resource management error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in the endian_trait crate for Rust, in versions from 2021-01-04 and earlier; it stems from an error that can occur when a user-supplied Endian impl panics. No detailed...
endian_trait_derive (>=0.2.0 <=0.4.0) potentially affected by CVE-2021-29929 via endian_trait (>=0.2.0 <=0.3.0)
endiantrait CARGO version =0.2.0, =0.2.0, =0.4.0 Source cves: CVE-2021-29929 Source advisory: OSV:RUSTSEC-2021-0039...
panic in user-provided `Endian` impl triggers double drop of T
Affected versions of the crate do not guard against a panic from a user-provided impl of the Endian trait, which is a safe trait that users can implement. If a user-provided implementation of the Endian trait panics, a double drop is triggered due to the duplicated ownership of T created by ptr::read...