RUSTSEC-2026-0205
ADVISORY - rustsecSummary
In affected versions of this crate, Array::insert is not exception safe. In the UPSERT path, key and value's snapshot is written to self.data_block, and after the insertion is completed, key and value are mem::forget in order to prevent double free. However, during the insertion, K::compare is invoked, which is a user-provided method. If user deliberately call panic in this function, during unwinding, the destructors of key, value, and self will all be called (since the mem::forget has not been called yet), leading to Double Free. Similar issues happens in the !UPSERT path.
The soundness issue was fixed in version 3.8.4 by using ManuallyDrop instead of mem::forget, and separating fallible code from infallible code during a node split - insert = insert_try -> insert_unchecked.
Common Weakness Enumeration (CWE)
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in