{"id":"RUSTSEC-2023-0087","summary":"`MaybeUninit` misuse in `simd-json-derive`","details":"An invalid use of `MaybeUninit::uninit().assume_init()` in `simd-json-derive`'s derive macro can cause undefined behavior. The original code used `MaybeUninit` to avoid initialisation of the struct and then set the fields using `ptr::write`. The undefined behavior triggered by this misuse of `MaybeUninit` can lead to invlaid memory access and panics in binaries compiled in release mode (aka simd-json-derive prior to version 0.12 has UB and optimizes into some nonsense)\n\nThe `0.12.0` removes this section of code, avoiding the use of MaybeUninit alltogether.","aliases":["GHSA-pqpw-89w5-82v5"],"modified":"2025-10-28T06:29:25.755823Z","published":"2023-10-14T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/simd-json-derive"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0087.html"},{"type":"REPORT","url":"https://github.com/simd-lite/simd-json-derive/issues/67"}],"affected":[{"package":{"name":"simd-json-derive","ecosystem":"crates.io","purl":"pkg:cargo/simd-json-derive"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.12.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"arch":[],"os":[]}},"database_specific":{"informational":"unsound","categories":[],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0087.json","cvss":null}}],"schema_version":"1.7.3"}