CVE-2021-29940: 
Rust vulnerability analysis and mitigation

An issue was discovered in the through crate through 2021-02-18 for Rust. The vulnerability involves a double free vulnerability in the through and through_and functions that occurs when the map function panics (RustSec Advisory, NVD).

The vulnerability occurs because through and through_and functions take a mutable reference and a mapping function to change the provided reference. They implement this by calling ptr::read on the reference which duplicates ownership and then calling the mapping function. If the mapping function panics, both the original object and the one duplicated by ptr::read get dropped, resulting in a double free condition. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (RustSec Advisory).

The double free vulnerability can lead to memory corruption, potentially allowing attackers to execute arbitrary code or cause denial of service conditions. The CVSS score of 9.8 indicates critical severity with high impact on confidentiality, integrity, and availability (RustSec Advisory).

As of the advisory date, there are no patched versions available for this vulnerability. Users should avoid using the through and through_and functions with mapping functions that might panic (RustSec Advisory).