{"id":"RUSTSEC-2025-0164","summary":"`DTriangle` accessors may read out of bounds in affected versions","details":"In affected versions, `DTriangle::neighbor_by_order` and `DTriangle::vertex_by_order` were public safe functions that accepted an\narbitrary `order` value. These functions used `order` to access fixed-size internal arrays with `get_unchecked`, without checking whether `order` was within bounds. Calling these methods with an out-of-bounds `order` could cause an out-of-bounds read from safe Rust code. This made the old APIs unsound, since safe callers could trigger undefined behavior without using `unsafe`.\n\nThe issue was fixed in version `0.29.0` as part of a broader rewrite that replaced the old triangle implementation with `IntTriangle` and removed the affected accessor methods.","modified":"2026-06-23T11:30:04.212001361Z","published":"2025-04-24T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/i_triangle"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0164.html"},{"type":"REPORT","url":"https://github.com/iShape-Rust/iTriangle/issues/4"},{"type":"WEB","url":"https://github.com/iShape-Rust/iTriangle/commit/13e0e9f4d5333e3a815191e5f6f402641997f91b"}],"affected":[{"package":{"name":"i_triangle","ecosystem":"crates.io","purl":"pkg:cargo/i_triangle"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.29.0"}]}],"ecosystem_specific":{"affects":{"functions":["i_triangle::delaunay::triangle::DTriangle::neighbor_by_order","i_triangle::delaunay::triangle::DTriangle::vertex_by_order"],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0164.json","categories":[],"informational":"unsound","cvss":null}}],"schema_version":"1.7.5"}