Reported

May 22, 2025

Issued

September 8, 2025

Package

toodee (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• memory-exposure

Keywords

#memory-safety #buffer-overflow

References

• https://github.com/antonmarsden/toodee/issues/26

Patched

• >=0.6.0

Unaffected

• <0.2.0

Affected Functions

Version

toodee::DrainCol::drop

• >=0.2.0, <=0.5.0

Description

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector.

The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor.

When removing the first column from a TooDee object, the DrainCol return object could cause a heap buffer overflow vulnerability when it is dropped.

The issue was fixed in commit e6e16d5 by reducing the copied size by one.

Advisory available under CC0-1.0 license.