RUSTSEC-2025-0050

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2025-0050

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0050.json

JSON Data

https://api.test.osv.dev/v1/vulns/RUSTSEC-2025-0050

Published

2025-08-14T12:00:00Z

Modified

2025-08-15T18:42:09Z

Summary

IdMap::from_iter may lead to uninitialized memory being freed on drop

Details

Due to a flaw in the constructor id_map::IdMap::from_iter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is constructed from the provided iterator. However, the length of this vector may be smaller than its capacity.

In such cases, when the resulting IdMap is dropped, its destructor incorrectly assumes that values contains ids.len() == values.capacity() initialized elements and attempts to iterate over and drop them. This leads to dereferencing and attempting to free uninitialized memory, resulting in undefined behavior and potential segmentation faults.

The bug was fixed in commit fab6922, and all unsafe code was removed from the crate.

Note that the maintainer recommends using the following alternatives: - slab - slotmap

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / id-map

Package

Name: id-map; View open source insights on deps.dev
Purl: pkg:cargo/id-map

Affected ranges

Type: SEMVER
Events: Introduced

0.1.6

Fixed

0.2.2

Ecosystem specific

{
    "affects": {
        "functions": [
            "id_map::IdMap::from_iter"
        ],
        "os": [],
        "arch": []
    },
    "affected_functions": null
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}