RUSTSEC-2025-0028 cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...

Dump Undefined Memory by `JitDumpFile`

The unsound function dumpcodeloadrecord uses fromrawparts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped. Thus, the 'safe' function dumpcodeloadrecord is actually 'unsafe' since it requires the caller to guarantee that the ad...