RUSTSEC-2025-0132

Source
https://rustsec.org/advisories/RUSTSEC-2025-0132
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0132.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2025-0132
Published
2025-11-28T12:00:00Z
Modified
2025-11-29T09:06:14.947047Z
Summary
`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
Details

maxminddb prior to version 0.27 declared `Reader::open_mmap` as safe even though it wraps an inherently unsafe memmap2 operation and takes no extra step to guarantee safety. This could have led to undefined behaviour if the file were modified on disk while the memory map was still active.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / maxminddb

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.11.0
Fixed
0.27.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "arch": [],
        "functions": [
            "maxminddb::Reader::open",
            "maxminddb::Reader::open_mmap"
        ]
    }
}

Database specific

cvss

null

informational

null

categories

[
    "memory-corruption"
]
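A dependency check for the affected range above (introduced 0.11.0, fixed 0.27.0), as an added example that is not part of the advisory or of the maxminddb project. The function names are hypothetical and the sample lockfile is constructed; it reads only the `name` and `version` lines of `[[package]]` entries in `Cargo.lock` text.

```rust
// Added example: report maxminddb versions from Cargo.lock text that fall in
// the advisory's affected range. Function names here are hypothetical.
const INTRODUCED: (u64, u64, u64) = (0, 11, 0);
const FIXED: (u64, u64, u64) = (0, 27, 0);

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into (core triple, has pre-release).
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let no_build = v.split('+').next()?;
    let (core, pre) = match no_build.split_once('-') {
        Some((c, _)) => (c, true),
        None => (no_build, false),
    };
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { return None; }
    Some((triple, pre))
}

/// Semver ordering: a pre-release sorts before its own release, so
/// 0.27.0-rc.1 is still in range and 0.11.0-rc.1 is not.
fn is_affected(version: &str) -> bool {
    match parse_version(version) {
        Some((core, pre)) => {
            let at_or_after_intro = core > INTRODUCED || (core == INTRODUCED && !pre);
            let before_fix = core < FIXED || (core == FIXED && pre);
            at_or_after_intro && before_fix
        }
        None => false,
    }
}

/// Return every affected maxminddb version listed in the lockfile text.
fn affected_in_lockfile(lock: &str) -> Vec<String> {
    let (mut hits, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if let Some(name) = line.strip_prefix("name = ") {
            in_target = name.trim_matches('"') == "maxminddb";
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            if in_target && is_affected(v) { hits.push(v.to_string()); }
        }
    }
    hits
}

fn main() {
    // Constructed sample lockfile entry, not taken from a real project.
    let sample = "[[package]]\nname = \"maxminddb\"\nversion = \"0.26.0\"\n";
    for v in affected_in_lockfile(sample) { println!("maxminddb {v}: upgrade to 0.27.0 or later"); }
}
```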