Critical severity · NVD Advisory · Published Apr 7, 2021 · Updated Aug 3, 2024

CVE-2021-30456

Description

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A double-free vulnerability in the id-map Rust crate's get_or_insert function can occur when the user-provided closure panics.

Vulnerability

The get_or_insert function in the id-map crate (all versions up to 2021-02-26) contains a double-free vulnerability. When a user-provided closure f panics after space has been reserved for the new value, the previously dropped values in the map can be freed again, leading to a double free [1][2][3].

Exploitation

An attacker can trigger this vulnerability by providing a closure that panics during the get_or_insert call. No special privileges are required; the attacker only needs to be able to call the function with a panicking closure. The panic can be induced by various means, such as memory exhaustion or a deliberate panic inside the closure [1].

Impact

Successful exploitation results in a double free, which can cause memory corruption. This may lead to arbitrary code execution or denial of service, depending on how the application uses the id-map crate. The vulnerability is classified as memory corruption [3].

Mitigation

As of the RustSec advisory (RUSTSEC-2021-0052), no patched version of the id-map crate exists [3]. The crate appears unmaintained. Users should avoid using the get_or_insert function with untrusted closures or consider migrating to a different map implementation that is actively maintained. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
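The failure mode described above is a panic-safety ordering problem in unsafe container code. As an added illustration (not code from the id-map crate or from this advisory), the sketch below runs the user closure before the slot is marked as initialized, so an unwind out of the closure leaves nothing extra for the destructor to free. `SlotMap`, `Counted` and `run_panicking_insert` are hypothetical names, and the scenario is constructed.

```rust
use std::{cell::Cell, mem::MaybeUninit, rc::Rc};
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Hypothetical minimal id-indexed map for illustration; not the id-map crate's code.
pub struct SlotMap<T> {
    live: Vec<bool>,            // live[i] is true only if slots[i] holds an initialized T
    slots: Vec<MaybeUninit<T>>, // raw storage, always the same length as `live`
}

impl<T> SlotMap<T> {
    pub fn new() -> Self { SlotMap { live: Vec::new(), slots: Vec::new() } }

    pub fn get_or_insert_with<F: FnOnce() -> T>(&mut self, id: usize, f: F) -> &mut T {
        while self.slots.len() <= id {
            self.slots.push(MaybeUninit::uninit());
            self.live.push(false);
        }
        if !self.live[id] {
            // Panic-safe order: run the user closure while the slot is still
            // marked empty, so an unwind out of f() leaves nothing for Drop to free.
            let value = f();
            self.slots[id].write(value);
            self.live[id] = true; // publish only after the slot is initialized
        }
        // SAFETY: live[id] is true, so slots[id] was initialized by write().
        unsafe { self.slots[id].assume_init_mut() }
    }
}

impl<T> Drop for SlotMap<T> {
    fn drop(&mut self) {
        for (slot, live) in self.slots.iter_mut().zip(&self.live) {
            // SAFETY: only slots published as live are dropped, each exactly once.
            if *live { unsafe { slot.assume_init_drop() } }
        }
    }
}

pub struct Counted(Rc<Cell<usize>>); // constructed test value that counts its own drops
impl Drop for Counted { fn drop(&mut self) { self.0.set(self.0.get() + 1); } }

/// Returns (panic was caught, slot 1 stayed empty, total drops of Counted).
pub fn run_panicking_insert() -> (bool, bool, usize) {
    let (drops, mut map) = (Rc::new(Cell::new(0)), SlotMap::new());
    map.get_or_insert_with(0, || Counted(drops.clone()));
    let r = catch_unwind(AssertUnwindSafe(|| { map.get_or_insert_with(1, || panic!("f failed")); }));
    let slot1_empty = !map.live[1];
    drop(map);
    (r.is_err(), slot1_empty, drops.get())
}

fn main() { assert_eq!(run_panicking_insert(), (true, true, 1)); }
```

When auditing a replacement map, the same test shape (a drop-counting value plus a panicking closure under `catch_unwind`) is a quick check that each stored value is dropped exactly once.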

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
id-map (crates.io) | <= 0.2.1 |

Affected products

2

Patches

0

No patches discovered yet.

References

4
