RUSTSEC-2025-0005 – grcov

Package

Manager: cargo
Name: grcov
Vulnerable Version: >=0.0.0-0 <0.8.21-0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Out of bounds write triggered by crafted coverage data Function `grcov::covdir::get_coverage` uses the `unsafe` function `get_unchecked_mut` without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data.

Metadata

Created: 2025-01-13T12:00:00Z
Modified: 2025-02-10T06:29:23Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F316
Auto approve: 1