{"id":"RUSTSEC-2025-0132","summary":"`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe","details":"maxminddb prior to version 0.27 declared `Reader::open_mmap` as safe \ndespite wrapping an inherently unsafe memmap2 operation with no\nextra step done to guarantee safety. This could have led to undefined\nbehaviour if the file were to be modified on disk while the memory map\nwas still active.","aliases":["GHSA-mj73-j457-8x9q"],"modified":"2025-12-02T06:12:51.480951Z","published":"2025-11-28T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/maxminddb"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0132.html"},{"type":"REPORT","url":"https://github.com/oschwald/maxminddb-rust/issues/86"},{"type":"WEB","url":"https://github.com/oschwald/maxminddb-rust/commit/98f0e4fff9678c841ed33f3b8a46322f6163c32a"}],"affected":[{"package":{"name":"maxminddb","ecosystem":"crates.io","purl":"pkg:cargo/maxminddb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.11.0"},{"fixed":"0.27.0"}]}],"ecosystem_specific":{"affects":{"arch":[],"functions":["maxminddb::Reader::open","maxminddb::Reader::open_mmap"],"os":[]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0132.json","cvss":null,"categories":["memory-corruption"]}}],"schema_version":"1.7.3"}