
RUSTSEC-2025-0166

Multiple soundness issues in `stackvector`

Details

Affected versions of `stackvector` contained multiple soundness issues that could allow safe Rust code to trigger undefined behavior.

One issue was that `StackVec::length` was exposed as a public field. Safe Rust code could set `length` to a value larger than the backing array capacity. Other safe methods, including `remove`, `pop`, and `truncate`, relied on `length` before performing unsafe pointer operations (`ptr::read`, `ptr::copy`, `offset`/`add`). If `length` was corrupted by safe code, these methods could perform out-of-bounds pointer arithmetic, reads, writes, or copies.

The upstream maintainer also identified additional soundness issues, including the use of `mem::uninitialized` in `StackVec::from_vec_unchecked`, which was reachable through `from_vec`, and Miri violations related to `MaybeUninit` usage.

Version `2.0.0` was released to fix the known soundness issues.
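The public-`length` issue described above, reduced to an added sketch. It is not code from `stackvector` or from the fix in `2.0.0`; `LeakyVec`, `SoundVec` and `corrupt_leaky` are hypothetical names, and the element type is fixed to `u32` to keep it short. The flawed type only reports its broken invariant and never performs the out-of-bounds access.

```rust
use std::mem::MaybeUninit;

// Flawed shape (hypothetical stand-in, not stackvector's code): public length.
pub struct LeakyVec<const N: usize> {
    pub length: usize, // any safe caller may overwrite this
    data: [MaybeUninit<u32>; N],
}
impl<const N: usize> LeakyVec<N> {
    pub fn new() -> Self { Self { length: 0, data: [MaybeUninit::uninit(); N] } }
    // The invariant that unsafe reads guarded by `length` silently rely on.
    pub fn length_in_bounds(&self) -> bool { self.length <= self.data.len() }
}

// Hardened shape: `len` is private, so outside this module only these methods change it.
pub struct SoundVec<const N: usize> {
    len: usize,
    data: [MaybeUninit<u32>; N],
}
impl<const N: usize> SoundVec<N> {
    pub fn new() -> Self { Self { len: 0, data: [MaybeUninit::uninit(); N] } }
    pub fn len(&self) -> usize { self.len }
    pub fn push(&mut self, v: u32) -> Result<(), u32> {
        if self.len == N { return Err(v); } // full: refuse instead of writing past the end
        self.data[self.len].write(v);
        self.len += 1;
        Ok(())
    }
    pub fn pop(&mut self) -> Option<u32> {
        if self.len == 0 { return None; }
        self.len -= 1;
        // SAFETY: every slot below the old `len` was written by `push`, and
        // nothing outside this module can modify `len`.
        Some(unsafe { self.data[self.len].assume_init() })
    }
    pub fn truncate(&mut self, new_len: usize) {
        if new_len < self.len { self.len = new_len; } // u32 has no destructor to run
    }
}

// Safe code breaking the flawed type's invariant; returns whether it still holds.
pub fn corrupt_leaky() -> bool {
    let mut v = LeakyVec::<4>::new();
    v.length = 1_000; // compiles with no `unsafe` block
    v.length_in_bounds()
}

fn main() {
    println!("leaky invariant holds after safe write: {}", corrupt_leaky());
}
```

Re-checking `length <= N` inside each method would not make the flawed type sound, because a caller could still raise `length` over slots that were never written; keeping the field private is what lets the `SAFETY` comment hold.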

Affected packages

crates.io / stackvector
Introduced in: 0.0.0-0
Fixed in: 2.0.0

Upgrade stackvector to 2.0.0 or newer (ecosystem crates.io).
