RUSTSEC-2022-0094

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2022-0094
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0094.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2022-0094
Aliases
Published
2022-11-23T12:00:00Z
Modified
2025-10-28T06:29:24.589313Z
Summary
Mimalloc Can Allocate Memory with Bad Alignment
Details

This crate depended on a promise regarding alignments made by the author of the mimalloc allocator to avoid using aligned allocation functions where possible for performance reasons. Since then, the mimalloc allocator's logic changed, making it break this promise. This caused this crate to return memory with an incorrect alignment for some allocations, particularly those with large alignments. The flaw was fixed by always using the aligned allocation functions.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / mimalloc

Package

Name
mimalloc
View open source insights on deps.dev
Purl
pkg:cargo/mimalloc

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.1.39

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "arch": [],
        "functions": [],
        "os": []
    }
}

Database specific

categories 
[]
informational 
"unsound"
cvss 
null
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0094.json"