RUSTSEC-2025-0107

Source
https://rustsec.org/advisories/RUSTSEC-2025-0107
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0107.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2025-0107
Published
2025-10-21T12:00:00Z
Modified
2025-10-22T05:49:18Z
Summary
Uninitialized memory exposure in any_as_u8_slice
Details

The safe function any_as_u8_slice can create byte slices that reference uninitialized memory when used with types containing padding bytes.

The function uses slice::from_raw_parts to create a &[u8] covering the entire size of a type, including padding bytes. According to Rust's documentation, from_raw_parts requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.
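The following is an added example, not code from the advisory or from the borrowck_sacrifices crate. It sketches the pattern described above next to two sound alternatives: a MaybeUninit<u8> view and field-by-field encoding. The names Record, unsound_as_u8_slice, as_uninit_bytes, record_padding and record_to_bytes are hypothetical, and the sample values are constructed.

```rust
use std::mem::{size_of, MaybeUninit};
use std::slice;

// Constructed sample type: repr(C) places 3 padding bytes between `tag` and `value`.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct Record {
    pub tag: u8,
    pub value: u32,
}

// Sketch of the pattern the advisory describes (an assumption, not the crate's source):
// a safe signature that promises initialized bytes it cannot guarantee.
// Kept for contrast only; never call it with a type that has padding.
#[allow(dead_code)]
fn unsound_as_u8_slice<T>(v: &T) -> &[u8] {
    unsafe { slice::from_raw_parts(v as *const T as *const u8, size_of::<T>()) }
}

// Sound view: MaybeUninit<u8> carries no initialization requirement, so the
// slice may cover padding; reading a byte out of it still requires `unsafe`.
pub fn as_uninit_bytes<T>(v: &T) -> &[MaybeUninit<u8>] {
    unsafe { slice::from_raw_parts(v as *const T as *const MaybeUninit<u8>, size_of::<T>()) }
}

// Padding bytes in Record: total size minus the sizes of its fields.
pub fn record_padding() -> usize {
    size_of::<Record>() - (size_of::<u8>() + size_of::<u32>())
}

// Sound serialization: copy each field explicitly, so padding is never read.
pub fn record_to_bytes(r: &Record) -> [u8; 5] {
    let mut out = [0u8; 5];
    out[0] = r.tag;
    out[1..].copy_from_slice(&r.value.to_le_bytes());
    out
}

fn main() {
    let r = Record { tag: 7, value: 0x0102_0304 };
    println!("size={} padding={}", size_of::<Record>(), record_padding());
    println!("uninit view len={}", as_uninit_bytes(&r).len());
    println!("encoded={:?}", record_to_bytes(&r));
}
```

Running code that builds a &[u8] over padded types under Miri is a practical way to catch this class of undefined behavior during testing.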

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / borrowck_sacrifices

Package

Name
borrowck_sacrifices
Purl
pkg:cargo/borrowck_sacrifices

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.2.0

Ecosystem specific

{
    "affects": {
        "arch": [],
        "os": [],
        "functions": [
            "borrowck_sacrifices::unsafe_casts::any_as_u8_slice"
        ]
    },
    "affected_functions": null
}

Database specific

categories

[
    "memory-exposure"
]

informational

"unsound"

cvss

null