GHSA-mj73-j457-8x9q

Опубликовано: 02 дек. 2025

Источник: github

Github: Прошло ревью

CVSS4: 1

Описание

maxminddb's Reader::open_mmap unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::open_mmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active.

Ссылки

https://github.com/oschwald/maxminddb-rust/issues/86
https://github.com/oschwald/maxminddb-rust/commit/98f0e4fff9678c841ed33f3b8a46322f6163c32a
https://rustsec.org/advisories/RUSTSEC-2025-0132.html

Пакеты

Наименование

maxminddb

rust

Затронутые версииВерсия исправления

>= 0.11.0, < 0.27.0

0.27.0

1 Low

CVSS4

Дефекты

CWE-915

1 Low

CVSS4

Дефекты

CWE-915