CVE-2021-29929: Double free in endian_trait
CVSS Score: 7.5 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.59217%
CWE
Published: 8/25/2021
Updated: 1/9/2023
KEV Status: No
Technology: Rust
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
endian_trait | rust | <= 0.6.0 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the slice trait implementations, which use ptr::read to create a second owner of each value while performing endian conversions. All four methods (from_be, from_le, to_be, to_le) in the Endian impl for mutable slices contain unsafe blocks that:

1. Read the value with ptr::read (creating a new owned value)
2. Perform the user-provided conversion (which might panic)
3. Write the result back with ptr::write

If the user's Endian impl panics between steps 1 and 3, both the original slice element and the value created by ptr::read are dropped, causing a double free. The GitLab issue explicitly shows this pattern in src/slices.rs and provides a PoC demonstrating heap corruption through this mechanism.
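The read, convert, write-back pattern described above can be observed safely with a drop counter. The following is an added example, not code from endian_trait or from the advisory: the `Convert` trait, the `Tracked` type and all function names are hypothetical, and the safe variant is one possible approach that assumes `T: Default`, not the crate's fix.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};
use std::{mem, ptr};

// Hypothetical stand-in for a by-value conversion trait such as Endian.
trait Convert { fn convert(self) -> Self; }

// Constructed element type: counts its drops and always panics in convert().
// It owns no heap memory, so a duplicated drop is observable but harmless here.
#[derive(Default)]
struct Tracked { drops: Option<&'static AtomicUsize> }
impl Drop for Tracked {
    fn drop(&mut self) { if let Some(c) = self.drops { c.fetch_add(1, Ordering::SeqCst); } }
}
impl Convert for Tracked {
    fn convert(self) -> Self { panic!("constructed failure in user conversion") }
}

// The pattern described above: read (duplicate), convert, write back.
fn convert_all_unsound<T: Convert>(slice: &mut [T]) {
    for elt in slice.iter_mut() {
        let p: *mut T = elt;
        unsafe {
            let owned = ptr::read(p);        // step 1: second owner of *p
            let converted = owned.convert(); // step 2: user code, may unwind
            ptr::write(p, converted);        // step 3: skipped if step 2 panics
        }
    }
}

// One safe alternative (assumes T: Default): the slot always holds one valid value.
fn convert_all_sound<T: Convert + Default>(slice: &mut [T]) {
    for elt in slice.iter_mut() { *elt = mem::take(elt).convert(); }
}

// Converts a one-element slice whose conversion panics; returns its drop count.
fn drops_after_panic(f: fn(&mut [Tracked])) -> usize {
    let counter: &'static AtomicUsize = Box::leak(Box::new(AtomicUsize::new(0)));
    {
        let mut data = [Tracked { drops: Some(counter) }];
        let _ = catch_unwind(AssertUnwindSafe(|| f(&mut data)));
    } // `data` goes out of scope: the slot's current value is dropped
    counter.load(Ordering::SeqCst)
}

fn main() {
    println!("unsound: {} drops", drops_after_panic(convert_all_unsound));
    println!("sound:   {} drops", drops_after_panic(convert_all_sound));
}
```

With an element type that owns heap memory, the second drop in the unsound variant is the double free the analysis describes.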