RUSTSEC-2026-0186
ADVISORY - rustsec
Summary
Affected versions of memmap2 did not perform enough validation on the offset and len parameters of
Mmap::[unchecked_]advise_range(),
MmapMut::[unchecked_]advise_range()
and MmapMut::flush[_async]_range().
This can cause undefined behavior due to invalid values being passed to pointer::offset() and pointer::add()
when passing an out-of-bounds range to any of the affected functions.
The flaw was corrected in commit [cee7cf0] and released in version 0.9.11.
The invalid pointer is not dereferenced,
but it is passed to the madvise and msync syscalls and their Windows equivalents.
[cee7cf0] https://github.com/RazrFalcon/memmap2-rs/pull/170/changes/cee7cf03a9ee095982a3c37b7aac8e3f68f1a00c
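A caller-side guard for the out-of-bounds case described above, as an added example: it is not memmap2's code and not the change made in the fix commit. The names `checked_range` and `RangeError` are hypothetical, and `map_len` stands for the length of the mapping (what `len()` returns on the mapped slice).

```rust
use std::ops::Range;

/// Why a requested (offset, len) pair was rejected. (Hypothetical type.)
#[derive(Debug, PartialEq, Eq)]
pub enum RangeError {
    /// offset + len does not fit in usize.
    Overflow,
    /// The range ends past the end of the mapping.
    OutOfBounds { end: usize, map_len: usize },
}

/// Validate `offset..offset + len` against a mapping of `map_len` bytes
/// before handing offset/len to a range-based advise or flush call.
pub fn checked_range(
    map_len: usize,
    offset: usize,
    len: usize,
) -> Result<Range<usize>, RangeError> {
    // A plain `offset + len` wraps in release builds and can then slip past
    // a naive `end <= map_len` comparison, so use checked arithmetic.
    let end = offset.checked_add(len).ok_or(RangeError::Overflow)?;
    if end > map_len {
        return Err(RangeError::OutOfBounds { end, map_len });
    }
    Ok(offset..end)
}

fn main() {
    let map_len = 8192; // constructed sample: a two-page mapping
    let requests = [
        (0, 8192),       // whole mapping
        (4096, 4096),    // second page
        (8192, 0),       // empty range at the end
        (4096, 4097),    // one byte past the end
        (usize::MAX, 2), // offset + len wraps around
    ];
    for (offset, len) in requests {
        match checked_range(map_len, offset, len) {
            Ok(r) => println!("ok     offset={offset} len={len} -> {r:?}"),
            Err(e) => println!("reject offset={offset} len={len} -> {e:?}"),
        }
    }
}
```

This is useful where offset and len come from untrusted input or where a dependency tree still pins a version older than 0.9.11; upgrading remains the fix.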
ADVISORY ID: RUSTSEC-2026-0186