2 matches found
CVE-2021-28034
CVE-2021-28034 affects the Rust stack_dst crate prior to 0.6.1. The root cause is in push_inner, which increases the internal array length and then calls val.clone(); if val.clone() panics, a double free/memory-safety issue can occur. Several connected advisories (Red Hat, OSV, GHSA, CN...
CVE-2021-28035
CVE-2021-28035 affects the Rust crate stack_dst prior to 0.6.1. The root cause is the push_inner behavior, which can cause a drop of uninitialized memory if val.clone() panics. The issue has been fixed in a later commit (and by upgrading to 0.6.1+). If exploited, this can lead to memory safety...