`SmallVec::insert_many` is unsound #96
Gist here. A solution to this would be to set
(Sorry for the very verbose explanation in the linked gist but I wanted to link it as part of an article whose audience might not immediately understand the problem).
I would also urge you to publish a fixed version ASAP. Despite the fact that the double free only happens on panic, this bug still can be exploited in a multi-threaded application that catches panics. Also, panics are really easy to trigger in many popular crates.
referenced this issue
Jul 19, 2018
Would you consider yanking vulnerable versions from crates.io?
Existing dependencies on them will continue to work, but people won't be able to make new crates depending on vulnerable versions by following e.g. a tutorial that was not updated following this advisory.
Edit: nevermind, already answered here