CVE-2026-42199

Source
https://cve.org/CVERecord?id=CVE-2026-42199
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42199.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42199
Aliases
Related
Published
2026-05-08T21:15:16.561Z
Modified
2026-07-08T08:09:33.104965412Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Details

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expandrows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke getunchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42199.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-190"
    ]
}
References

Affected packages

Git / github.com/becheran/grid

Affected ranges

Type
GIT
Repo
https://github.com/becheran/grid
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.17.0"
        },
        {
            "fixed": "1.0.1"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42199.json"