rustsec-2025-0044
Vulnerability from osv_rustsec
Published
2025-06-16 12:00
Modified
2025-10-28 06:02
Summary
Four unique double-free vulnerabilities triggered via safe APIs
Details

The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained (RUSTSEC-2020-0158).

While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork origin (RUSTSEC-2021-0047), it still retains multiple unresolved memory corruption vulnerabilities.

Specifically, we have discovered four new memory safety bugs, each resulting in double-free violations that can occur when only safe APIs are invoked. These vulnerabilities correspond to four distinct safe APIs in the crate, each exposing unsound and vulnerable behavior due to incorrect usage of unsafe code internally.

Unfortunately, the maintainer doesn't have much availability to resolve these issues so there's no concrete timeline for fixes. Community contributions towards fixing these vulnerabilities would be much appreciated.

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "memory-corruption"
        ],
        "cvss": null,
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [
            "slice_ring_buffer::IntoIter::clone",
            "slice_ring_buffer::SliceRingBuffer::extend_from_slice",
            "slice_ring_buffer::SliceRingBuffer::insert",
            "slice_ring_buffer::SliceRingBuffer::shrink_to_fit"
          ],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "slice-ring-buffer",
        "purl": "pkg:cargo/slice-ring-buffer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "GHSA-7mcq-f592-pf7v"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "The crate [`slice-ring-buffer`](https://crates.io/crates/slice-ring-buffer) was developed as a fork of [`slice-deque`](https://crates.io/crates/slice-deque) to continue maintenance and provide security patches, since the latter has been officially unmaintained ([RUSTSEC-2020-0158](https://rustsec.org/advisories/RUSTSEC-2020-0158.html)).\n\nWhile `slice-ring-buffer` has addressed some previously reported memory safety issues inherited from its fork origin ([RUSTSEC-2021-0047](https://rustsec.org/advisories/RUSTSEC-2021-0047.html)), it still retains multiple unresolved memory corruption vulnerabilities.\n\nSpecifically, we have discovered four new memory safety bugs, each resulting in double-free violations that can occur when only safe APIs are invoked. These vulnerabilities correspond to four distinct safe APIs in the crate, each exposing unsound and vulnerable behavior due to incorrect usage of unsafe code internally.\n\nUnfortunately, the maintainer doesn\u0027t have much availability to resolve these issues so there\u0027s no concrete timeline for fixes. Community contributions towards fixing these vulnerabilities would be much appreciated.",
  "id": "RUSTSEC-2025-0044",
  "modified": "2025-10-28T06:02:18Z",
  "published": "2025-06-16T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/slice-ring-buffer"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0044.html"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/LiquidityC/slice_ring_buffer/issues/12"
    }
  ],
  "related": [],
  "severity": [],
  "summary": "Four unique double-free vulnerabilities triggered via safe APIs"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.