CVE-2021-29938
Description
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A double drop in slice-deque's drain_filter upon a panic in the predicate function can corrupt memory, leading to possible arbitrary code execution.
Vulnerability
Overview
An issue was discovered in the slice-deque crate for Rust through version 2021-02-19. The SliceDeque::drain_filter function contains a double drop vulnerability that can occur when a user-provided predicate function panics [2][4]. This is a memory safety issue in the DrainFilter iterator, which improperly handles panics during element filtering.
Root
Cause and Mechanism
The root cause lies in the implementation of the DrainFilter iterator. The code increments self.idx before calling the predicate function self.pred [1][2]. If the predicate panics, the iterator has already moved self.idx forward, leaving the deque in an inconsistent state. Subsequent cleanup or dropping of elements can result in a double drop of the same memory location, because the code assumes that no drop will occur on elements in the deque during a panic, as noted by the comment // its elements will not have Drop::drop called on them in the event of a panic. [2]. However, this assumption is violated due to the panic, leading to a double-free condition.
Impact and
Exploitability
A double drop (double free) can corrupt heap memory, potentially leading to crashes or, in the worst case, arbitrary code execution. According to the RustSec advisory, the CVSS score is 7.5 (High) with impact on availability only, but memory corruption vulnerabilities in Rust are often considered critical for overall security [3][4]. No special privileges or user interaction are required, and the attack vector is network (if the library is used in a networked service) [4]. The vulnerability is present in all versions of slice-deque prior to being marked as unmaintained.
Mitigation and
Status
As of the advisory date, no patched version of the slice-deque crate was available [4]; the crate had been unmaintained since 2021. The CVE is also listed in the RustSec Advisory Database (RUSTSEC-2021-0047) [3][4]. Users who rely on slice-deque should consider migrating to alternative implementations, such as deque or vecdeque, or carefully avoid panicking inside drain_filter predicates until a fix is available.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
slice-dequecrates.io | <= 0.3.0 | — |
Affected products
2- Rust/slice-dequedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-p9gf-gmfv-398mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29938ghsaADVISORY
- github.com/gnzlbg/slice_deque/issues/90ghsaWEB
- rustsec.org/advisories/RUSTSEC-2021-0047.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.