EUVD-2025-5058

Malicious code in bioql PyPI...

GHSA-QM2P-4W45-V2VR grcov has an out of bounds write triggered by crafted coverage data

Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...

grcov has an out of bounds write triggered by crafted coverage data

Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...

gpt-cli (>=0.0.13 <=0.0.20), htmlentity (>=0.1.0 <=1.2.0) +4 more potentially affected by unknown CVE via grcov (>=0.5.15 <=0.8.13)

grcov CARGO version =0.5.15, =0.0.13, =0.1.0, =0.2.0, =0.2.3 - rye-grain =0.0.1 - slobberchops-test1 =1.4.0 Source cves: unknown CVE Source advisory: OSV:GHSA-QM2P-4W45-V2VR...

gpt-cli (>=0.0.13 <=0.0.20), htmlentity (>=0.1.0 <=1.2.0) +4 more potentially affected by unknown CVE via grcov (>=0.5.15 <=0.8.13)

grcov CARGO version =0.5.15, =0.0.13, =0.1.0, =0.2.0, =0.2.3 - rye-grain =0.0.1 - slobberchops-test1 =1.4.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0005...

Out of bounds write triggered by crafted coverage data

Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...