Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear functions in the thin_vec crate. A panic in ptr::drop_in_place skips setting the length to zero.
The product calls free() twice on the same memory address.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Thin-vec | Mozilla | 0.2.15 (including) | 0.2.15 (including) |
| Rust-thin-vec | Ubuntu | questing | * |