Platform: rust
Component: smallvec
Fixed in: 0.6.3, 0.3.4
CVE-2018-20991 describes a double-free vulnerability discovered in the smallvec Rust library. This flaw arises when an iterator passed to SmallVec::insert_many panics during Iterator::next, leading to destructors being run on an inconsistent vector state. Affected versions are those prior to 0.3.4; the vulnerability is resolved in version 0.3.4 by preventing length updates until items are removed.
The primary impact of CVE-2018-20991 is the potential for application crashes due to memory corruption. A double-free occurs when the same memory location is freed twice, leading to unpredictable behavior and potentially allowing an attacker to trigger a denial-of-service. While the fix prevents double drops, items may be leaked if Iterator::next panics, representing a potential information leak. This vulnerability is particularly concerning in Rust applications relying on smallvec for efficient small vector implementations, as it can undermine memory safety guarantees.
This vulnerability was publicly disclosed on July 19, 2018. There is no indication of active exploitation campaigns targeting this specific CVE. While a public proof-of-concept is not readily available, the nature of the double-free vulnerability makes it potentially exploitable. The vulnerability is not currently listed on the CISA KEV catalog.
EPSS: 0.43% (62% percentile)
The recommended mitigation for CVE-2018-20991 is to immediately upgrade the smallvec dependency to version 0.3.4 or later. If upgrading is not feasible due to compatibility issues, consider temporarily disabling features that heavily utilize SmallVec::insert_many to reduce the attack surface. While a direct WAF or proxy rule is not applicable, ensuring robust error handling and memory safety practices within the application can help prevent exploitation. After upgrading, confirm the fix by running tests that specifically exercise SmallVec::insert_many and verify that no double-free errors occur during unwinding.
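The kind of unwinding test described above, as an added example (not smallvec's code and not part of the original advisory): a std-only Rust model of a panic-safe insert_many-style routine, with a drop-counting element type that shows a panic in Iterator::next leaking items instead of dropping them twice. The names `insert_many_guarded`, `Tracked` and `drop_counts_after_panic` are hypothetical, and the sample vector is constructed.

```rust
use std::cell::RefCell;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::{ptr, rc::Rc};

/// Element that records in a shared log how many times it was dropped.
struct Tracked(usize, Rc<RefCell<Vec<u32>>>);
impl Drop for Tracked {
    fn drop(&mut self) { self.1.borrow_mut()[self.0] += 1; }
}

/// Hypothetical std-only model of an insert_many-style routine (not smallvec's code).
/// Inserts up to `n` items from `iter` at `index`.
fn insert_many_guarded<T>(v: &mut Vec<T>, index: usize, n: usize, iter: impl Iterator<Item = T>) {
    let old_len = v.len();
    assert!(index <= old_len);
    v.reserve(n);
    unsafe {
        let p = v.as_mut_ptr().add(index);
        ptr::copy(p, p.add(n), old_len - index); // open a gap: tail now exists twice, bitwise
        v.set_len(index); // guard: if `next` unwinds, only v[..index] is dropped
        let mut added = 0;
        for item in iter.take(n) { // user code runs here and may panic
            ptr::write(p.add(added), item);
            added += 1;
        }
        if added < n { // iterator ended early: close the remaining gap
            ptr::copy(p.add(n), p.add(added), old_len - index);
        }
        v.set_len(old_len + added); // publish the new length only on success
    }
}

/// Per-id drop counts after an insert whose iterator panics on its second `next`.
fn drop_counts_after_panic() -> Vec<u32> {
    let log = Rc::new(RefCell::new(vec![0u32; 4]));
    let mk = |id| Tracked(id, log.clone());
    let mut v = vec![mk(0), mk(1), mk(2)]; // constructed input; ids 1 and 2 are the tail
    let mut first = Some(mk(3));
    let bad = std::iter::from_fn(move || Some(first.take().expect("constructed panic in next")));
    let res = catch_unwind(AssertUnwindSafe(|| insert_many_guarded(&mut v, 1, 2, bad)));
    assert!(res.is_err());
    drop(v); // a double drop would show up as a count of 2
    let counts = log.borrow().clone();
    counts
}

fn main() {
    println!("drops per id: {:?}", drop_counts_after_panic());
}
```

The same drop-counting element type can be used in a regression test against the real SmallVec::insert_many after upgrading; any count above 1 indicates a double drop.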
CVE-2018-20991 is a critical vulnerability in the smallvec Rust library where iterator panics can lead to double-free errors, potentially causing crashes.
You are affected if your project uses smallvec versions prior to 0.3.4. Check your dependencies to determine if an upgrade is needed.
Upgrade the smallvec dependency to version 0.3.4 or later to resolve this double-free vulnerability.
There is no current evidence of active exploitation campaigns targeting CVE-2018-20991, but the vulnerability's nature makes it potentially exploitable.
Refer to the smallvec project's release notes and GitHub repository for information regarding this vulnerability and the fix: https://github.com/blusso/smallvec