From ed23fda8bc480d8bd5cc2196f2902316f80e4123 Mon Sep 17 00:00:00 2001 From: djc <158471+djc@users.noreply.github.com> Date: Mon, 1 Sep 2025 07:58:17 +0000 Subject: [PATCH] Assigned RUSTSEC-2025-0053 to arenavec --- .duplicate-id-guard | 2 +- .../arenavec/{RUSTSEC-0000-0000.md => RUSTSEC-2025-0053.md} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename crates/arenavec/{RUSTSEC-0000-0000.md => RUSTSEC-2025-0053.md} (95%) diff --git a/.duplicate-id-guard b/.duplicate-id-guard index a0f3bfa9..4d412ea2 100644 --- a/.duplicate-id-guard +++ b/.duplicate-id-guard @@ -1,3 +1,3 @@ This file causes merge conflicts if two ID assignment jobs run concurrently. This prevents duplicate ID assignment due to a race between those jobs. -ca6ad962992b5084a9d9f1c7fdd86e86515f9608997d1d62963e1f60cbd436b0 - +9a01a60d704d21710008e1cbda0135d3ab4b33923d77f677c5d11f1450f9eec4 - diff --git a/crates/arenavec/RUSTSEC-0000-0000.md b/crates/arenavec/RUSTSEC-2025-0053.md similarity index 95% rename from crates/arenavec/RUSTSEC-0000-0000.md rename to crates/arenavec/RUSTSEC-2025-0053.md index 66b3b592..00639136 100644 --- a/crates/arenavec/RUSTSEC-0000-0000.md +++ b/crates/arenavec/RUSTSEC-2025-0053.md @@ -1,6 +1,6 @@ ```toml [advisory] -id = "RUSTSEC-0000-0000" +id = "RUSTSEC-2025-0053" package = "arenavec" date = "2025-08-14" 
@@ -28,4 +28,4 @@ The crate has the following vulnerabilities: - The safe API `arenavec::common::SliceVec::reserve` can reach the private function `arenavec::common::allocate_inner`. Incorrect behavior in `allocate_inner` may result in a `SliceVec` with an increased capacity, even though the underlying memory has not actually been expanded. This mismatch between `SliceVec.capacity` and the actual reserved memory can lead to a heap buffer overflow. -- The safe API `arenavec::common::SliceVec::split_off` can duplicate the ownership of the elements in `self` (of type `SliceVec`) if they implement the `Drop` trait. Specifically, when `at == 0`, the method returns a new `SliceVec` with the same length as `self`. Since both `self` and the returned object point to the same heap memory, dropping one will deallocate the shared memory. When the other is subsequently dropped, it will attempt to free the same memory again, resulting in a double free violation. \ No newline at end of file +- The safe API `arenavec::common::SliceVec::split_off` can duplicate the ownership of the elements in `self` (of type `SliceVec`) if they implement the `Drop` trait. Specifically, when `at == 0`, the method returns a new `SliceVec` with the same length as `self`. Since both `self` and the returned object point to the same heap memory, dropping one will deallocate the shared memory. When the other is subsequently dropped, it will attempt to free the same memory again, resulting in a double free violation.
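Review bot: In the `@@ -28,4 +28,4 @@` hunk of `crates/arenavec/RUSTSEC-2025-0053.md`, the `split_off` bullet conditions the bug on the elements implementing `Drop`, but then describes the consequence as freeing "the same heap memory" shared by `self` and the returned `SliceVec`. It would help to state explicitly whether the double free is of the elements' own resources (their destructors running twice) or of the backing buffer, since that determines which element types are affected. The `reserve` bullet in the same hunk says only "Incorrect behavior in `allocate_inner`" without naming the condition that triggers it; one sentence saying when capacity grows without the memory being expanded would let users judge their exposure. The only textual change in this hunk is adding the missing newline at end of file, which is fine to carry along with the ID assignment.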