RUSTSEC-2026-0186

Source
https://rustsec.org/advisories/RUSTSEC-2026-0186
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0186.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0186
Published
2026-06-20T12:00:00Z
Modified
2026-06-22T18:15:03.600280397Z
Summary
Unchecked pointer offset in crate `memmap2`
Details

Affected versions of memmap2 did not perform enough validation on the offset and len parameters of Mmap::[unchecked_]advise_range(), MmapMut::[unchecked_]advise_range() and MmapMut::flush[_async]_range().

This can cause undefined behavior due to invalid values being passed to [pointer::offset()] and [pointer::add()] when passing an out-of-bounds range to any of the affected functions.

The flaw was corrected in commit [cee7cf0] and released in version 0.9.11.

The invalid pointer is not dereferenced, but it is passed to the madvise and msync syscalls and their Windows equivalents.

[cee7cf0] https://github.com/RazrFalcon/memmap2-rs/pull/170/changes/cee7cf03a9ee095982a3c37b7aac8e3f68f1a00c
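
The kind of range validation the details above describe as missing, written as an added example; it is not code from memmap2 and not the change made in [cee7cf0]. The names `check_range`, `range_start` and `RangeError` are hypothetical, and a plain byte buffer stands in for the mapped region.

```rust
// Added example: caller-side validation of (offset, len) against a region length.
// All names here are hypothetical; this is not memmap2's implementation.

#[derive(Debug, PartialEq)]
pub enum RangeError {
    /// offset + len does not fit in usize
    Overflow,
    /// the range ends past the end of the region
    OutOfBounds { end: usize, map_len: usize },
}

/// Check that [offset, offset + len) lies inside a region of `map_len` bytes.
pub fn check_range(map_len: usize, offset: usize, len: usize) -> Result<(), RangeError> {
    // checked_add catches the wrap-around a plain `offset + len` would hide in release builds.
    let end = offset.checked_add(len).ok_or(RangeError::Overflow)?;
    if end > map_len {
        return Err(RangeError::OutOfBounds { end, map_len });
    }
    Ok(())
}

/// Compute the start pointer of the range only after the bounds check has passed.
pub fn range_start(buf: &[u8], offset: usize, len: usize) -> Result<*const u8, RangeError> {
    check_range(buf.len(), offset, len)?;
    // SAFETY: offset <= buf.len(), so the result is inside the allocation or one past
    // its end, which is the precondition of pointer::add().
    Ok(unsafe { buf.as_ptr().add(offset) })
}

fn main() {
    let buf = vec![0u8; 4096]; // constructed stand-in for a 4096-byte mapping
    // Constructed sample ranges: two valid, one past the end, one that overflows.
    for (offset, len) in [(0, 4096), (4096, 0), (4000, 200), (usize::MAX, 2)] {
        match range_start(&buf, offset, len) {
            Ok(_) => println!("offset={offset} len={len}: ok"),
            Err(e) => println!("offset={offset} len={len}: rejected ({e:?})"),
        }
    }
}
```

Callers that cannot yet upgrade to 0.9.11 can apply a check of this shape to the offset and len they pass to the affected functions.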

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / memmap2

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.9.11

Ecosystem specific

{
    "affects": {
        "os": [],
        "arch": [],
        "functions": [
            "memmap2::Mmap::advise_range",
            "memmap2::Mmap::unchecked_advise_range",
            "memmap2::MmapMut::advise_range",
            "memmap2::MmapMut::flush_async_range",
            "memmap2::MmapMut::flush_range",
            "memmap2::MmapMut::unchecked_advise_range"
        ]
    },
    "affected_functions": null
}

Database specific

categories
[]
source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0186.json"
informational
"unsound"
cvss
null