{"id":"RUSTSEC-2025-0107","summary":"Uninitialized memory exposure in any_as_u8_slice","details":"The safe function `any_as_u8_slice` can create byte slices that reference uninitialized memory when used with types containing padding bytes.\n\nThe function uses `slice::from_raw_parts` to create a `&[u8]` covering the entire size of a type, including padding bytes. According to Rust's documentation, `from_raw_parts` requires all bytes to be properly initialized, but padding bytes in structs are not guaranteed to be initialized. This violates the safety contract and causes undefined behavior.","aliases":["GHSA-xcpm-76hf-c9cc"],"modified":"2025-10-28T06:29:26.916895Z","published":"2025-10-21T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/borrowck_sacrifices"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0107.html"},{"type":"REPORT","url":"https://github.com/alexpyattaev/borrowck_sacrifices/issues/1"}],"affected":[{"package":{"name":"borrowck_sacrifices","ecosystem":"crates.io","purl":"pkg:cargo/borrowck_sacrifices"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.2.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":["borrowck_sacrifices::unsafe_casts::any_as_u8_slice"],"arch":[],"os":[]}},"database_specific":{"informational":"unsound","cvss":null,"categories":["memory-exposure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0107.json"}}],"schema_version":"1.7.3"}