RUSTSEC-2025-0054

Source
https://rustsec.org/advisories/RUSTSEC-2025-0054
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0054.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2025-0054
Aliases
Published
2025-08-14T12:00:00Z
Modified
2025-10-28T06:29:27.045607Z
Summary
ArrayQueue::push_front is not panic-safe
Details

The safe API array_queue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument.

Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait. Furthermore, the method updates the queue's start index before initializing the slot for the newly pushed element. User-defined implementations of Clone may include a clone method that can panic. If such a panic occurs during initialization, the structure is left with an advanced start index pointing to an uninitialized slot. When ArrayQueue is later dropped, its destructor treats that slot as initialized and attempts to drop it, resulting in an attempt to free uninitialized memory.

The bug was fixed in commit 728fe1b.
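The ordering problem described above, shown as an added example that is not code from array-queue or from the fix commit. MiniQueue, Probe and demo are hypothetical names, and the layout is an assumption. The sketch clones the argument before touching the start index, so a panicking clone leaves the queue unchanged and the destructor only drops initialized slots.

```rust
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicUsize, Ordering};
// Hypothetical stand-in for a ring-buffer queue; not array-queue's real layout.
pub struct MiniQueue<T, const N: usize> { slots: [MaybeUninit<T>; N], start: usize, len: usize }
impl<T: Clone, const N: usize> MiniQueue<T, N> {
    pub fn new() -> Self {
        Self { slots: std::array::from_fn(|_| MaybeUninit::uninit()), start: 0, len: 0 }
    }
    pub fn push_front(&mut self, x: &T) -> bool {
        if self.len == N { return false; }
        // Flawed ordering: move `start` first, then clone; a panic strands `start`.
        let value = x.clone(); // may panic; the queue is still untouched here
        let new_start = (self.start + N - 1) % N;
        self.slots[new_start].write(value);
        self.start = new_start; // bookkeeping changes only after the write
        self.len += 1;
        true
    }
}
impl<T, const N: usize> Drop for MiniQueue<T, N> {
    fn drop(&mut self) {
        for i in 0..self.len {
            // Sound only while every slot counted by start/len is initialized.
            unsafe { self.slots[(self.start + i) % N].assume_init_drop() };
        }
    }
}

static DROPS: AtomicUsize = AtomicUsize::new(0);
pub struct Probe { panic_on_clone: bool } // constructed test type
impl Clone for Probe {
    fn clone(&self) -> Self {
        if self.panic_on_clone { panic!("constructed panic in clone"); }
        Probe { panic_on_clone: false }
    }
}
impl Drop for Probe { fn drop(&mut self) { DROPS.fetch_add(1, Ordering::SeqCst); } }
/// Returns (clone panicked, queue length afterwards, elements dropped by the queue).
pub fn demo() -> (bool, usize, usize) {
    let (good, bad) = (Probe { panic_on_clone: false }, Probe { panic_on_clone: true });
    let mut q: MiniQueue<Probe, 4> = MiniQueue::new();
    q.push_front(&good);
    let panicked = catch_unwind(AssertUnwindSafe(|| q.push_front(&bad))).is_err();
    let (len, before) = (q.len, DROPS.load(Ordering::SeqCst));
    drop(q);
    (panicked, len, DROPS.load(Ordering::SeqCst) - before)
}
fn main() { println!("{:?}", demo()); }
```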

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / array-queue

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.3.0
Fixed
0.4.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "arch": [],
        "functions": [
            "array_queue::ArrayQueue::push_front"
        ],
        "os": []
    }
}

Database specific

categories
[
    "memory-corruption"
]
source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0054.json"
informational
null
cvss
null