{"id":"RUSTSEC-2026-0129","summary":"Buffer overflow in `Clusterings::from_i32_column_major_order()`","details":"The `from_i32_column_major_order` method can create inconsistent internal\nstate. When `labels` length and `n_items` mismatch, `n_clusterings` becomes\n`labels.len() / n_items` (truncated), but subsequent calls to `label()` use\nindices that exceed the internal data bounds, causing a buffer overflow.\n\nFor example, `Clusterings::from_i32_column_major_order(&[1,2,3,4,5], 3)`\ncreates clusterings with `n_clusterings = 5/3 = 1`. Then\n`clusterings.label(1, 0)` accesses index `1*3 = 3`, but only 3 elements\nexist (indices 0,1,2), causing out-of-bounds access.\n\nThis can be triggered through safe public APIs —\n`from_i32_column_major_order()` and `label()` — with no `unsafe` required\nfrom the caller.","modified":"2026-05-13T12:45:06.234098Z","published":"2026-05-02T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/dahl-salso"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0129.html"},{"type":"REPORT","url":"https://github.com/dbdahl/rust-dahl-salso/issues/1"}],"affected":[{"package":{"name":"dahl-salso","ecosystem":"crates.io","purl":"pkg:cargo/dahl-salso"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.6.8"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"arch":[],"os":[]}},"database_specific":{"categories":["memory-corruption"],"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0129.json","cvss":null}}],"schema_version":"1.7.5"}