Hi,

On Thu, 01 Apr 2021 at 15:47, Léo Le Bouter <lle-b...@zaclys.net> wrote:
> CVE-2021-29939 07:15
> An issue was discovered in the stackvector crate through 2021-02-19 for
> Rust. There is an out-of-bounds write in StackVec::extend if size_hint
> provides certain anomalous data.
>
> No fix released upstream yet:
> https://github.com/Alexhuszagh/rust-stackvector/issues/2
>
> Out of bounds write sounds like it could have dangerous consequences,
> not sure how likely is "size_hint provides certain anomalous data"
> though.

Thanks for the report.  Commit 015cd2e86e779907085d356c69b6091dc8ac1788
updating to 1.1.1 should fix the security issue; as upstream said.

So, closing.

All the best,
simon
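
An added example, not part of this thread and not stackvector's own code: a fixed-capacity buffer whose extend checks capacity against its real length on every element, so an iterator with an anomalous size_hint can only cause a refused write. `FixedVec`, `LyingIter` and `try_extend` are hypothetical names, and the inconsistent hint values are constructed for illustration.

```rust
// Added example; FixedVec and LyingIter are hypothetical names, not stackvector's API.

/// Constructed iterator with an anomalous size_hint: the hint claims at most
/// one item (lower bound above upper bound) while next() yields `self.0` items.
pub struct LyingIter(pub usize);

impl Iterator for LyingIter {
    type Item = u8;
    fn next(&mut self) -> Option<u8> {
        self.0 = self.0.checked_sub(1)?; // None once the counter reaches zero
        Some(0xAA)
    }
    fn size_hint(&self) -> (usize, Option<usize>) {
        (usize::MAX, Some(1)) // constructed, deliberately inconsistent
    }
}

/// Fixed-capacity byte buffer with N slots.
pub struct FixedVec<const N: usize> {
    buf: [u8; N],
    len: usize,
}

impl<const N: usize> FixedVec<N> {
    pub fn new() -> Self { Self { buf: [0; N], len: 0 } }
    pub fn len(&self) -> usize { self.len }
    pub fn as_slice(&self) -> &[u8] { &self.buf[..self.len] }
    /// Ok(n) if all n items fit; Err(n) if the buffer filled after n items.
    pub fn try_extend<I: IntoIterator<Item = u8>>(&mut self, iter: I) -> Result<usize, usize> {
        let mut written = 0;
        for item in iter {
            // Checked against the real length on every element; the hint is never consulted.
            if self.len == N {
                return Err(written);
            }
            self.buf[self.len] = item;
            self.len += 1;
            written += 1;
        }
        Ok(written)
    }
}

fn main() {
    let mut v = FixedVec::<4>::new();
    let r = v.try_extend(LyingIter(10));
    println!("{:?}, stored = {:?}, len = {}", r, v.as_slice(), v.len());
}
```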