Reported

December 22, 2025

Issued

December 24, 2025

Package

ruint (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Keywords

#soundness #out-of-bounds

References

• https://github.com/recmo/uint/issues/550

Patched

no patched versions

Affected Functions

Version

ruint::algorithms::div::reciprocal_mg10

• <1.17.0

Description

The function reciprocal_mg10 is marked as safe but can trigger undefined behavior (out-of-bounds access) because it relies on debug_assert! for safety checks instead of assert!.

When compiled in release mode, the debug_assert! is optimized out, potentially allowing invalid inputs to cause memory corruption.

Advisory available under CC0-1.0 license.