
Cloud Vulnerability DB
A community-led vulnerabilities database
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics, leading to a memory corruption vulnerability. The vulnerability is tracked as CVE-2021-29933 and was reported on January 26, 2021, with the advisory being issued on March 26, 2021 (RustSec Advisory).
The vulnerability occurs when ptr::copy is used to move items in a vector to make space before inserting, which duplicates their ownership. When iterating over a provided Iterator to insert new items, if the iterator's .next() method panics, the vector would drop the same elements twice, resulting in a double-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (RustSec Advisory).
The vulnerability can lead to memory corruption through double-free conditions, which could result in program crashes and potential denial of service. The CVSS scoring indicates high impact on availability while confidentiality and integrity remain unaffected (RustSec Advisory).
As of the advisory date, there are no patched versions available for this vulnerability. Users of the insert_many crate should consider alternative implementations or carefully review their use of the library to ensure iterator operations cannot panic (RustSec Advisory).
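The ordering that avoids the double drop described above, as an added Rust example (not the insert_many crate's code and not a patch from its author): the vector's length is shrunk before ptr::copy shifts the tail, so a panic in .next() leaks elements instead of dropping them twice. The names insert_many_safe, Tracked, DROPS and demo are hypothetical, and the sample data is constructed.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;
use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};

static DROPS: AtomicUsize = AtomicUsize::new(0); // constructed drop counter
struct Tracked(u32);
impl Drop for Tracked {
    fn drop(&mut self) { DROPS.fetch_add(1, SeqCst); }
}

/// Hypothetical hardened insert; `n` is the number of items the caller expects.
fn insert_many_safe<T>(v: &mut Vec<T>, index: usize, n: usize, mut it: impl Iterator<Item = T>) {
    let old_len = v.len();
    assert!(index <= old_len);
    v.reserve(n);
    unsafe {
        // Shrink the length BEFORE ptr::copy duplicates ownership of the tail.
        // If it.next() unwinds, the Vec drops only [0, index); the rest leaks.
        v.set_len(index);
        let gap = v.as_mut_ptr().add(index);
        ptr::copy(gap, gap.add(n), old_len - index);
        let mut written = 0;
        while written < n {
            match it.next() { // user-supplied code: may panic
                Some(item) => { ptr::write(gap.add(written), item); written += 1; }
                None => break,
            }
        }
        // Iterator came up short: slide the tail back over the unused slots.
        ptr::copy(gap.add(n), gap.add(written), old_len - index);
        v.set_len(old_len + written); // reached only if nothing panicked
    }
}

/// Returns (len after a panicking insert, drops when that Vec is freed, clean insert result).
fn demo() -> (usize, usize, Vec<u32>) {
    let mut v: Vec<Tracked> = (0..4).map(Tracked).collect(); // constructed input
    let mut calls = 0;
    // Constructed iterator: yields one item, then panics on the second call.
    let bad = std::iter::from_fn(|| { calls += 1; if calls == 2 { panic!("next() failed") } Some(Tracked(99)) });
    assert!(catch_unwind(AssertUnwindSafe(|| insert_many_safe(&mut v, 1, 3, bad))).is_err());
    let (len, before) = (v.len(), DROPS.load(SeqCst));
    drop(v); // only element 0 is still owned by the Vec
    let drops = DROPS.load(SeqCst) - before;
    let mut ok = vec![1u32, 2, 5];
    insert_many_safe(&mut ok, 2, 2, 3..5u32);
    (len, drops, ok)
}
fn main() { println!("{:?}", demo()); }
```

The trade-off is a leak of the shifted tail and any already-written items when the iterator panics, which is memory-safe; a length that still covers both the originals and their bitwise copies during iteration is what makes the double drop possible.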
Source: This report was generated using AI