GHSA-9fjq-45qv-pcm7

Опубликовано: 26 дек. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6.6

Описание

ruint affected by unsoundness of safe reciprocal_mg10

The function reciprocal_mg10 is marked as safe but can trigger undefined behavior (out-of-bounds access) because it relies on debug_assert! for safety checks instead of assert!.

When compiled in release mode, the debug_assert! is optimized out, potentially allowing invalid inputs to cause memory corruption.

Ссылки

https://github.com/recmo/uint/issues/550
https://github.com/recmo/uint/blob/17c9b3e9062f74a39701e68dec358375595d33d7/src/algorithms/div/reciprocal.rs#L79-L87
https://rustsec.org/advisories/RUSTSEC-2025-0137.html

Пакеты

Наименование

ruint

rust

Затронутые версииВерсия исправления

<= 1.17.0

Отсутствует

6.6 Medium

CVSS4

Дефекты

CWE-119

6.6 Medium

CVSS4

Дефекты

CWE-119