{"id":"RUSTSEC-2025-0050","summary":"IdMap::from_iter may lead to uninitialized memory being freed on drop","details":"Due to a flaw in the constructor `id_map::IdMap::from_iter`, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of `IdMap`. Specifically, the field `ids` is initialized based on the capacity of the vector `values`, which is constructed from the provided iterator. However, the length of this vector may be smaller than its capacity.\n\nIn such cases, when the resulting `IdMap` is dropped, its destructor incorrectly assumes that `values` contains `ids.len() == values.capacity()` initialized elements and attempts to iterate over and drop them. This leads to dereferencing and attempting to free uninitialized memory, resulting in undefined behavior and potential segmentation faults.\n\nThe bug was fixed in commit `fab6922`, and all unsafe code was removed from the crate.\n\nNote that the maintainer recommends using the following alternatives:\n- [slab](https://crates.io/crates/slab)\n- [slotmap](https://crates.io/crates/slotmap)","aliases":["GHSA-qq4c-hm99-979m"],"modified":"2025-10-28T06:29:26.006238Z","published":"2025-08-14T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/id-map"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0050.html"},{"type":"REPORT","url":"https://github.com/andrewhickman/id-map/issues/4"}],"affected":[{"package":{"name":"id-map","ecosystem":"crates.io","purl":"pkg:cargo/id-map"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.1.6"},{"fixed":"0.2.2"}]}],"ecosystem_specific":{"affects":{"functions":["id_map::IdMap::from_iter"],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"categories":["memory-corruption"],"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0050.json","cvss":null}}],"schema_version":"1.7.3"}