{"id":"RUSTSEC-2025-0054","summary":"ArrayQueue::push_front is not panic-safe","details":"The safe API `array_queue::ArrayQueue::push_front` can lead to deallocating uninitialized memory if a panic occurs while invoking the `clone` method on the passed argument.\n\nSpecifically, `push_front` receives an argument that is intended to be cloned and pushed, whose type implements the `Clone` trait. Furthermore, the method updates the queue's `start` index before initializing the slot for the newly pushed element. User-defined implementations of `Clone` may include a `clone` method that can panic. If such a panic occurs during initialization, the structure is left with an advanced `start` index pointing to an uninitialized slot. When `ArrayQueue` is later dropped, its destructor treats that slot as initialized and attempts to drop it, resulting in an attempt to free uninitialized memory.\n\nThe bug was fixed in commit `728fe1b`.","aliases":["GHSA-xqjr-wfx3-gmxv"],"modified":"2025-10-28T06:29:27.045607Z","published":"2025-08-14T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/array-queue"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0054.html"},{"type":"REPORT","url":"https://github.com/raviqqe/array-queue/issues/3"}],"affected":[{"package":{"name":"array-queue","ecosystem":"crates.io","purl":"pkg:cargo/array-queue"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.3.0"},{"fixed":"0.4.0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":["array_queue::ArrayQueue::push_front"]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0054.json","cvss":null,"categories":["memory-corruption"],"informational":null}}],"schema_version":"1.7.3"}