RUSTSEC-2025-0166
Multiple soundness issues in `stackvector`
Details
Affected versions of `stackvector` contained multiple soundness issues that could allow safe Rust code to trigger undefined behavior.
One issue was that `StackVec::length` was exposed as a public field. Safe Rust code could set `length` to a value larger than the backing array capacity. Other safe methods, including `remove`, `pop`, and `truncate`, relied on `length` before performing unsafe pointer operations (`ptr::read`, `ptr::copy`, `offset`/`add`). If `length` was corrupted by safe code, these methods could perform out-of-bounds pointer arithmetic, reads, writes, or copies.
The upstream maintainer also identified additional soundness issues, including the use of `mem::uninitialized` in `StackVec::from_vec_unchecked`, which was reachable through `from_vec`, and Miri violations related to `MaybeUninit` usage.
Version `2.0.0` was released to fix the known soundness issues.
Are you affected?
Enter the version of the package you're using.
Affected packages
0.0.0-0 Fixed in: 2.0.0 Upgrade stackvector to 2.0.0 or newer (ecosystem crates.io).
References
- https://crates.io/crates/stackvector [PACKAGE]
- https://rustsec.org/advisories/RUSTSEC-2025-0166.html [ADVISORY]
- https://github.com/Alexhuszagh/rust-stackvector/issues/3 [REPORT]
- https://github.com/Alexhuszagh/rust-stackvector/pull/6 [WEB]
- https://github.com/Alexhuszagh/rust-stackvector/commit/02b947afdeeb1be95ec0888354aa76afdd9d0357 [WEB]
- https://github.com/Alexhuszagh/rust-stackvector/issues/5 [REPORT]