Reported

February 10, 2025

Issued

May 5, 2025

Package

cve-rs (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

Keywords

#soundness-hole

References

• https://github.com/Speykious/cve-rs

Patched

no patched versions

Description

cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner.

Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860

Advisory available under CC0-1.0 license.