Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4NGotZnhyNy1qeGc4

High EPSS: 0.00334% (0.55504 Percentile) EPSS:
Permalink JSON

Double free in glsl-layout

Affected Packages Affected Versions Fixed Versions
cargo:glsl-layout
PURL: pkg:cargo/glsl-layout
< 0.4.0 0.4.0
14 Dependent packages
145 Dependent repositories
315,145 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.3.2

All unaffected versions

0.4.0, 0.4.1, 0.4.2, 0.5.0

Affected versions of this crate did not guard against panic within the user-provided function f (2nd parameter of fn map_array), and thus panic within f causes double drop of a single object.

The flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within ManuallyDrop.

References:

Identifiers

GHSA-cx4j-fxr7-jxg8

CVE-2021-25902

Risk

Severity

High

EPSS

EPSS Percentage: 0.00334

EPSS Percentile: 0.55504

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/rustgd/glsl-layout

Date and time

Published

about 4 years ago

Updated

almost 2 years ago

API

JSON