git2 has potential undefined behavior when dereferencing Buf struct

If the Buf struct is dereferenced immediately after calling new or default on the Buf struct, a null pointer is passed to the unsafe function slice::fromrawparts. According to the safety section documentation of the function, data must be non-null and aligned even for zero-length slices or slices...

Potential undefined behavior when dereferencing Buf struct

if we dereference the Buf struct right after calling new or default on Buf struct, it passes Null Pointer to the unsafe function slice::fromrawparts. Based on the safety section documentation of function, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passi...

RUSTSEC-2025-0107 Uninitialized memory exposure in any_as_u8_slice

The safe function anyasu8slice can create byte slices that reference uninitialized memory when used with types containing padding bytes. The function uses slice::fromrawparts to create a &u8 covering the entire size of a type, including padding bytes. According to Rust's documentation, fromrawpar...

Uninitialized memory exposure in any_as_u8_slice

The safe function anyasu8slice can create byte slices that reference uninitialized memory when used with types containing padding bytes. The function uses slice::fromrawparts to create a &u8 covering the entire size of a type, including padding bytes. According to Rust's documentation, fromrawpar...

EUVD-2025-4901

Malicious code in bioql PyPI...

Unsound usages of `Vec::from_raw_parts`

The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...

RUSTSEC-2024-0357 `MemBio::get_buf` has undefined behavior with empty buffers

Previously, MemBio::getbuf called slice::fromrawparts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

`MemBio::get_buf` has undefined behavior with empty buffers

Previously, MemBio::getbuf called slice::fromrawparts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

Maligned causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

`maligned::align_first` causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

RUSTSEC-2023-0017 `maligned::align_first` causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

GHSA-HVQC-PC78-X9WH Soundness issue in raw-cpuid

VendorInfo::asstring, SoCVendorBrand::asstring, and ExtendedFunctionInfo::processorbrandstring construct byte slices using std::slice::fromrawparts, with data coming from reprRust structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs reprC...

Heap overflow or corruption in safe-transmute

Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage...

Vec-to-vec transmutations could lead to heap overflow/corruption

Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage. The flaw was corrected by using the constructor correctly...