GHSA-qq4c-hm99-979m – id-map

Package

Manager: cargo
Name: id-map
Vulnerable Version: >=0.1.6 <0.2.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

IdMap from_iter may lead to uninitialized memory being freed on drop Due to a flaw in the constructor `id_map::IdMap::from_iter`, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of `IdMap`. Specifically, the field `ids` is initialized based on the capacity of the vector `values`, which is constructed from the provided iterator. However, the length of this vector may be smaller than its capacity. In such cases, when the resulting `IdMap` is dropped, its destructor incorrectly assumes that `values` contains `ids.len() == values.capacity()` initialized elements and attempts to iterate over and drop them. This leads to dereferencing and attempting to free uninitialized memory, resulting in undefined behavior and potential segmentation faults. The bug was fixed in commit `fab6922`, and all unsafe code was removed from the crate. Note that the maintainer recommends using the following alternatives: - [slab](https://crates.io/crates/slab) - [slotmap](https://crates.io/crates/slotmap)

Metadata

Created: 2025-08-18T15:10:15Z
Modified: 2025-08-18T15:10:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-qq4c-hm99-979m/GHSA-qq4c-hm99-979m.json
CWE IDs: ["CWE-665"]
Alternative ID: N/A
Finding: F138
Auto approve: 1