CVE-2021-29931: 
Rust vulnerability analysis and mitigation

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. The vulnerability (CVE-2021-29931) involves a double drop condition that can occur upon a panic in T::drop(). The issue was reported on January 12, 2021, and was publicly disclosed on April 1, 2021 (RustSec Advisory).

The vulnerability is a memory corruption issue that occurs when a panic happens within T::drop(). Specifically, the double drop can occur in two scenarios: when invoked from common::SliceVec::::resize_with() or common::SliceVec::::resize(). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network accessible, requires low attack complexity, needs no privileges or user interaction, and can have a high impact on availability (RustSec Advisory).

The vulnerability can cause memory corruption in the heap memory when triggered. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity. The CVSS scoring indicates that while the vulnerability can be exploited remotely, its primary impact is on system availability through memory corruption (RustSec Advisory).

As of the latest available information, there are no patched versions of the arenavec crate that address this vulnerability. The issue affects all versions through 2021-01-12 (RustSec Advisory).