logo

Database

Out-of-bounds read In auto_vec

Description

Invalid pointer arithmetic in iter() and iter_mut() The iter() and iter_mut() APIs compute current = (&children[0] as *const *const RawAutoChild).sub(1), which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules.

This can be triggered through safe public APIs — iter() and iter_mut() — with no unsafe required from the caller.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. OSV-RUSTSEC-2026-01332. GCVE-RUSTSEC-2026-01333. rustsec.org

References

1. https://github.com/lluvz/AutoVec/issues/1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.