{"id":"RUSTSEC-2025-0162","summary":"`VMABuffer::set_data` may allow out-of-bounds writes from safe code","details":"`VMABuffer::set_data` was a publicly accessible safe function. It accepted an arbitrary `offset` and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation.\n\nAffected versions did not check that the requested write range fit within the allocation before calling `ptr.add(offset)` and `copy_from_nonoverlapping`. Safe Rust code could therefore trigger an out-of-bounds write by passing an offset outside the mapped allocation.\n\nThis makes the safe API unsound, since callers can trigger undefined behavior without using `unsafe`.\n\nVersion `0.4.0` added a bounds check before performing the pointer arithmetic and copy.","modified":"2026-05-20T13:45:04.461804188Z","published":"2025-04-23T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/vku"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0162.html"},{"type":"REPORT","url":"https://github.com/ArrowMaxGithub/vku/issues/5"},{"type":"WEB","url":"https://github.com/ArrowMaxGithub/vku/commit/ce02c19ec35e5ee84c00ec5005be9d6d44599b5f"}],"affected":[{"package":{"name":"vku","ecosystem":"crates.io","purl":"pkg:cargo/vku"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"arch":[],"functions":["vku::VMABuffer::set_data"]}},"database_specific":{"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0162.json","categories":["memory-corruption"],"cvss":null}}],"schema_version":"1.7.5"}