Affected versions of nano_arena crate assumed that Borrow<Idx> was guaranteed to return the same value on .borrow(). The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow<Idx> implementation returned a different index, the split arena would allow retrieving the index as a mutable reference creating two mutable references to the same element. This violates Rust’s aliasing rules and allows for memory safety issues such as writing out of bounds and use-after-frees. The flaw was corrected in version 0.5.2 by storing the .borrow() value in a temporary variable.