CVE-2025-48756: SCSIR has a Potential Unsound Issue in WriteSameCommand

May 24, 2025 (updated May 27, 2025)

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.

References

crates.io/crates/scsir
github.com/advisories/GHSA-cm3g-qm4h-xm6m
github.com/maboroshinokiseki/scsir
github.com/maboroshinokiseki/scsir/issues/4
nvd.nist.gov/vuln/detail/CVE-2025-48756

Code Behaviors & Features

Detect and mitigate CVE-2025-48756 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →