RUSTSEC-2025-0142: Segmentation fault and invalid memory read in `mnl::cb_run`

| Details |  |
| --- | --- |
| Package | `mnl` |
| Version | `0.3.0` |
| URL | https://github.com/mullvad/mnl-rs/issues/15 |
| Patched Versions | n/a |
| Aliases | [GHSA-585q-cm62-757j](https://github.com/advisories/GHSA-585q-cm62-757j) |


The function `mnl::cb_run` is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers.

Passing a crafted byte slice to `mnl::cb_run` can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to out-of-bounds reads.

This vulnerability allows an attacker to cause a Denial of Service (segmentation fault) or potentially read unmapped memory by providing a malformed Netlink message.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2025-0142: Segmentation fault and invalid memory read in `mnl::cb_run` #162

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`mnl`
Version	`0.3.0`
URL	mullvad/mnl-rs#15
Patched Versions	n/a
Aliases	GHSA-585q-cm62-757j

RUSTSEC-2025-0142: Segmentation fault and invalid memory read in mnl::cb_run #162

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

RUSTSEC-2025-0142: Segmentation fault and invalid memory read in `mnl::cb_run` #162