RUSTSEC-2025-0049

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2025-0049

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0049.json

JSON Data

https://api.test.osv.dev/v1/vulns/RUSTSEC-2025-0049

Published

2025-08-14T12:00:00Z

Modified

2025-08-14T20:48:29Z

Summary

User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

Details

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the assumption that the crate upholds all safety guarantees.

This becomes problematic because even safe implementations of get and set-written without using any unsafe code-can still result in ill-formed raw pointers. These pointers may later be dereferenced within safe APIs of the crate (e.g., marker::MarkerBack::allocate_slice_copy), potentially leading to arbitrary memory access or heap buffer overflows.

According to the penultimate commit, the crate is in maintenance mode awaiting a cleanup that will reduce the area of unsafe code. Note that the last commits to the repository are from 4 years ago.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / scratchpad

Package

Name: scratchpad; View open source insights on deps.dev
Purl: pkg:cargo/scratchpad

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Ecosystem specific

{
    "affects": {
        "functions": [
            "scratchpad::Tracking::get",
            "scratchpad::Tracking::set"
        ],
        "os": [],
        "arch": []
    },
    "affected_functions": null
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}