{"id":"RUSTSEC-2025-0062","summary":"Heap Buffer Overflow in the DrainCol Destructor","details":"An off-by-one error in the `DrainCol::drop` destructor could cause an unsafe memory copy\noperation to exceed the bounds of the associated vector.\n\nThe error was related to the size of the data being copied in one of the `ptr::copy`\ninvocations inside the destructor.\n\nWhen removing the first column from a TooDee object, the DrainCol return object could cause\na heap buffer overflow vulnerability when it is dropped.\n\nThe issue was fixed in commit `e6e16d5` by reducing the copied size by one.","aliases":["GHSA-pfp7-vxgr-83pw"],"modified":"2025-10-28T06:29:25.567885Z","published":"2025-05-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/toodee"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0062.html"},{"type":"REPORT","url":"https://github.com/antonmarsden/toodee/issues/26"}],"affected":[{"package":{"name":"toodee","ecosystem":"crates.io","purl":"pkg:cargo/toodee"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.2.0"},{"fixed":"0.6.0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":["toodee::DrainCol::drop"],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"categories":["memory-corruption","memory-exposure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0062.json","informational":null}}],"schema_version":"1.7.3"}