RUSTSEC-2026-0133

Source
https://rustsec.org/advisories/RUSTSEC-2026-0133
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0133.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0133
Published
2026-05-02T12:00:00Z
Modified
2026-05-13T12:45:17.622026Z
Summary
Invalid pointer arithmetic in `iter()` and `iter_mut()`
Details

The iter() and iter_mut() APIs compute current = (&children[0] as *const *const RawAutoChild).sub(1), which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules.

This can be triggered through safe public APIs — iter() and iter_mut() — with no unsafe required from the caller.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / auto_vec

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

cvss
null
informational
"unsound"
categories
[
    "memory-corruption"
]
source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0133.json"