RUSTSEC-2025-0153

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2025-0153
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0153.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2025-0153
Aliases
Published
2025-11-17T12:00:00Z
Modified
2026-02-26T06:11:28Z
Summary
hexchat crate is unsound and unmaintained
Details

All versions of this crate have function deregister_command which can result in use after free. This is unsound.

In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads.

In addition, the hexchat crate is no longer actively maintained. If you rely on this crate, consider switching to an alternative.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / hexchat

Package

Name
hexchat
View open source insights on deps.dev
Purl
pkg:cargo/hexchat

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "functions": [],
        "os": [],
        "arch": []
    }
}

Database specific

categories 
[
    "memory-corruption",
    "memory-exposure"
]
cvss 
null
informational 
"unsound"
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0153.json"