{"id":"RUSTSEC-2025-0106","summary":"Undefined behavior in index_of_ptr with empty slices","details":"The safe function `index_of_ptr` causes undefined behavior when called with an empty slice.\n\nThe issue occurs in the line `ptr.add(slice.len() - 1)` which underflows when `slice.len()` is 0, creating a pointer with a massive offset. According to Rust's safety rules, creating such a pointer causes immediate undefined behavior.","aliases":["GHSA-h5j3-crg5-8jqm"],"modified":"2025-10-28T06:29:24.973717Z","published":"2025-10-21T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/orx-pinned-vec"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0106.html"},{"type":"REPORT","url":"https://github.com/orxfun/orx-pinned-vec/issues/52"},{"type":"WEB","url":"https://github.com/orxfun/orx-pinned-vec/pull/53"}],"affected":[{"package":{"name":"orx-pinned-vec","ecosystem":"crates.io","purl":"pkg:cargo/orx-pinned-vec"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"3.21.0"}]}],"ecosystem_specific":{"affects":{"functions":["orx_pinned_vec::utils::slice::index_of_ptr"],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0106.json","cvss":null,"informational":"unsound"}}],"schema_version":"1.7.3"}