Primary

Context

Trailer Crate Zero-Size Allocation Vulnerability in Rust

Vulnerability

A vulnerability exists in the Trailer crate for Rust, specifically in versions through 0.1.2, due to improper handling of memory allocation requests with a size of zero. This flaw can lead to undefined behavior, as allocating zero bytes is not a valid operation in Rust's memory management.

Impact

Exploitation of this vulnerability can cause memory safety issues, a fundamental aspect of Rust's guarantees, by allowing the creation of zero-sized types, which can lead to undefined behavior.

Reproduction

The vulnerability can be reproduced by creating a Trailer instance with a capacity of zero. This can be done by defining a zero-sized type and using it with the Trailer crate's functionality, which will trigger the unsound allocation behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trailer Crate Zero-Size Allocation Vulnerability in Rust

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating