exploitDog

GHSA-h5j3-crg5-8jqm

Published: Oct 21, 2025
Source: github
Github: Reviewed
CVSS4: 2

Description

orx-pinned-vec has undefined behavior in index_of_ptr with empty slices

The safe function index_of_ptr causes undefined behavior when called with an empty slice.

The issue occurs in the line ptr.add(slice.len() - 1) which underflows when slice.len() is 0, creating a pointer with a massive offset. According to Rust's safety rules, creating such a pointer causes immediate undefined behavior.
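The arithmetic behind the description, as an added Rust example that is not taken from orx-pinned-vec or its fix: `last_offset_unchecked` shows the value `slice.len() - 1` wraps to when overflow checks are off, and `index_of_ptr_checked` is one way to do the lookup without creating an out-of-bounds pointer. Both function names and the sample data are hypothetical.

```rust
// Added illustration; not orx-pinned-vec source. Function names are hypothetical.
use std::mem::size_of;

/// Value of the advisory's `slice.len() - 1` when overflow checks are off.
/// wrapping_sub reproduces the wrap without ever building a pointer from it.
fn last_offset_unchecked<T>(slice: &[T]) -> usize {
    slice.len().wrapping_sub(1)
}

/// Index of `ptr` inside `slice`, using integer address arithmetic only,
/// so no out-of-bounds pointer is created for any input.
fn index_of_ptr_checked<T>(slice: &[T], ptr: *const T) -> Option<usize> {
    let size = size_of::<T>();
    // Empty slices and zero-sized types have no element to locate by address.
    if slice.is_empty() || size == 0 {
        return None;
    }
    let start = slice.as_ptr() as usize;
    // A pointer below the slice start fails here instead of wrapping.
    let offset = (ptr as usize).checked_sub(start)?;
    // Reject addresses that fall between two elements.
    if offset % size != 0 {
        return None;
    }
    let idx = offset / size;
    (idx < slice.len()).then_some(idx)
}

fn main() {
    let empty: &[u64] = &[]; // constructed sample input
    let data: &[u64] = &[10, 20, 30]; // constructed sample input
    println!("offset for empty slice: {:#x}", last_offset_unchecked(empty));
    println!("empty: {:?}", index_of_ptr_checked(empty, empty.as_ptr()));
    println!("data[2]: {:?}", index_of_ptr_checked(data, &data[2] as *const u64));
    let past_end = data.as_ptr().wrapping_add(data.len());
    println!("one past end: {:?}", index_of_ptr_checked(data, past_end));
}
```

In a build with overflow checks enabled, the original subtraction panics instead of wrapping, so the wrapped offset only appears in builds where those checks are off.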

Packages

Name: orx-pinned-vec (rust)
Affected versions: < 3.21.0
Fixed version: 3.21.0

CVSS4: 2 Low

Weaknesses: CWE-119, CWE-191
