RUSTSEC-2026-0186
ADVISORY - rustsecSummary
Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of
Mmap::[unchecked_]advise_range(),
MmapMut::[unchecked_]advise_ranage()
and MmapMut::flush[_async]_range().
This can cause undefined behavior due to invalid values being passed to pointer::offset() and pointer::add()
when passing an out-of-bounds range to any of the affected functions.
The flaw was corrected in commit [cee7cf0] and released in version 0.9.11.
The invalid pointer is not dereferenced,
but it is passed to the madvise and msync syscalls and their Windows equivalents.
[cee7cf0] https://github.com/RazrFalcon/memmap2-rs/pull/170/changes/cee7cf03a9ee095982a3c37b7aac8e3f68f1a00c
Common Weakness Enumeration (CWE)
RustSec
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| memmap2 | cargo | - | - | <0.9.11 | 0.9.11 |
Severity and metrics
No CVSS data available from this advisory.