The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

Impact The contractimpl macro contains a bug in how it wires up function calls. In Rust, you can define functions on a type in two ways: - Directly on the type as an inherent function: rust impl MyContract fn value ... - Through a trait rust impl Trait for MyContract fn value ... These are two...

PT-2026-20342

Name of the Vulnerable Software and Affected Versions soroban-sdk-macros versions prior to 22.0.10 soroban-sdk-macros versions prior to 23.5.2 soroban-sdk-macros versions prior to 25.1.1 Description The contractimpl macro in soroban-sdk-macros has a flaw in how it manages function calls. When...

enum_map macro can cause UB when `Enum` trait is incorrectly implemented

Affected versions of this crate did not properly check the length of an enum when using enummap! macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...

Double free in linea

Affected versions of this crate did not properly implements the Matrix::zipelements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory...