GHSA-xcpm-76hf-c9cc: Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice

October 22, 2025

The safe function any_as_u8_slice can create byte slices that reference uninitialized memory when used with types containing padding bytes.

The function uses slice::from_raw_parts to create a &[u8] covering the entire size of a type, including padding bytes. According to Rust’s documentation, from_raw_parts requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.

References

github.com/advisories/GHSA-xcpm-76hf-c9cc
github.com/alexpyattaev/borrowck_sacrifices
github.com/alexpyattaev/borrowck_sacrifices/commit/1bdaa14da68a6e8207f9e81359116f53139800f2
github.com/alexpyattaev/borrowck_sacrifices/issues/1
rustsec.org/advisories/RUSTSEC-2025-0107.html

Code Behaviors & Features

Detect and mitigate GHSA-xcpm-76hf-c9cc with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →