GHSA-wwxp-hxh6-8gf8: binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref

October 22, 2025 (updated November 10, 2025)

Safe functions accept a single &T or &mut T but multiply by n to create slices extending beyond allocated memory when n > 1.

These functions use from_raw_parts to create slices larger than the underlying allocation, violating memory safety.

The binary_vec_io repository is archived and unmaintained.

References

gist.github.com/lewismosciski/57ac3b8b7a861abdd0d7ae6f39de5a9d
github.com/10XGenomics/rust-toolbox
github.com/RustSec/advisory-db/pull/2428
github.com/advisories/GHSA-wwxp-hxh6-8gf8
rustsec.org/advisories/RUSTSEC-2025-0109.html

Code Behaviors & Features

Detect and mitigate GHSA-wwxp-hxh6-8gf8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →