Miggo Logo
Miggo Vulnerability Database
CVE-2021-29933

CVE-2021-29933:
Double free in insert_many

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-29933
GHSA ID
GHSA-29hg-r7c7-54fr
EPSS Score
0.59217%
CWE
CWE-415
Published
8/25/2021
Updated
1/9/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
insert_manyrust<= 0.1.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in the macro-generated insert_many implementation shown in lib.rs. The unsafe block: 1) Copies elements with ptr::copy (creating duplicate ownership), 2) Iterates with panic-prone next(), 3) Only updates length after successful iteration. A panic between steps 1-3 leaves the vector with original length but copied elements, causing double-free during unwinding. The GitHub issue provides a concrete code example demonstrating this sequence, and the CWE-415 classification confirms the double-free nature.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in t** ins*rt_m*ny *r*t* t*rou** ****-**-** *or Rust. *l*m*nts m*y ** *ropp** twi** i* * .n*xt() m*t*o* p*ni*s.

Reasoning

T** vuln*r**ility m*ni**sts in t** m**ro-**n*r*t** `ins*rt_m*ny` impl*m*nt*tion s*own in `li*.rs`. T** uns*** *lo*k: *) *opi*s *l*m*nts wit* `ptr::*opy` (*r**tin* *upli**t* own*rs*ip), *) It*r*t*s wit* `p*ni*-pron* n*xt()`, *) Only up**t*s l*n*t* **t