RUSTSEC-2021-0046 on 2021-02-17: misc::vec_with_size() can drop uninitialized memory if clone panics

misc::vec_with_size creates a vector of the provided size and immediately calls vec.set_len(size) on it, initially filling it with uninitialized memory. It then inserts elements using vec[i] = value.clone().

If the value.clone() call panics, uninitialized items in the vector will be dropped leading to undefined behavior.

CVE-2021-29937

GHSA-hpcx-3pw8-g3j2

This crate has no reviews yet. To add a review, set up your cargo-crev.


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.

To review the actual code of the crate, it's best to use cargo crev open telemetry. Alternatively, you can download the tarball of telemetry v0.1.3 or view the source online.