GHSA-2c6h-4899-wjxr

Published: 04 Apr 2026
Source: github
Github: Reviewed
CVSS4: 8.7

Description

scaly: Multiple soundness issues in Rust safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior:

  • Array<T>::index can perform an out-of-bounds read.
  • String::get_length can perform an out-of-bounds read.
  • String::append_character can perform an invalid write.
  • String::to_c_string can perform an out-of-bounds write.

These issues were reproduced against scaly 0.0.37 under Miri. The crate is unmaintained.

Packages

Name: scaly
Ecosystem: rust
Affected versions: <= 0.0.37
Fixed version: None

CVSS4: 8.7 High

Weaknesses

CWE-125
CWE-787
