{"id":"RUSTSEC-2026-0130","summary":"Out-of-bounds read/write in `Index` and `IndexMut` implementations","details":"The `Index` and `IndexMut` implementations for `Caja` use unchecked pointer\narithmetic without bounds validation. Creating a `Caja` with a small key and\nthen accessing an out-of-range index causes out-of-bounds reads or writes\nbeyond the allocated memory.\n\nThis can be triggered through safe public APIs — the `[]` indexing operator\non a `Caja` with an out-of-range index — with no `unsafe` required from the\ncaller.","modified":"2026-05-13T12:45:08.933263Z","published":"2026-05-02T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/caja"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0130.html"},{"type":"REPORT","url":"https://github.com/EmanuelGCC/Caja/issues/1"}],"affected":[{"package":{"name":"caja","ecosystem":"crates.io","purl":"pkg:cargo/caja"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.3.0"}]}],"ecosystem_specific":{"affects":{"functions":[],"arch":[],"os":[]},"affected_functions":null},"database_specific":{"cvss":null,"categories":["memory-corruption"],"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0130.json"}}],"schema_version":"1.7.5"}