RUSTSEC-2025-0019

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2025-0019
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0019.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2025-0019
Published
2025-03-27T12:00:00Z
Modified
2025-03-30T09:10:10Z
Summary
`array-init-cursor` in version 0.2.0 and below is unsound when used with types that implement `Drop`
Details

The Drop implementation will get run twice when using the cursor.

This issue does not affect you, if you are using only using the crate with types that are Copy such as u8.

This issue also does not affect you, if you are only depending on it through the crate planus.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / array-init-cursor

Package

Name
array-init-cursor
View open source insights on deps.dev
Purl
pkg:cargo/array-init-cursor

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.2.1

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific 

{
    "cvss": null,
    "informational": "unsound",
    "categories": [
        "memory-corruption"
    ]
}