grid (Rust crate), integer overflow, CVE-2024-12345 (Moderate)

Listen to this Post

The vulnerability is an integer overflow in the `expand_rows()` function of the grid crate (version 1.0.0). This function calculates a new backing storage length using self.data.len() + rows self.cols. If `rows self.cols` or the subsequent addition overflows usize, the result wraps around in release builds, leading to a resized backing buffer that is much smaller than logically required. This broken state corrupts the invariant between the grid’s logical dimensions and its actual storage. Subsequently, operations like in-place rotation for ColumnMajor order use indices such as `let col_idx = i total_rows; self.data[col_idx..col_idx + total_rows + i].rotate_right(i);` which rely on the resized storage being correct. When the earlier length overflow breaks this assumption, these operations work on invalid memory ranges, pushing the grid into an inconsistent state. Finally, the function updates its metadata via self.rows += rows, after which the grid’s logical dimensions no longer match the backing storage. As a result, subsequent safe API calls like `get()` access the corrupted metadata, leading to an invalid index being passed to the unsafe internal function get_unchecked(). This ultimately triggers Undefined Behavior in the Rust code.

dailycve form:

Platform: grid (Rust)
Version: 1.0.0
Vulnerability : integer overflow
Severity: Moderate
date: 2026-04-20

Prediction: 2026-04-27

What Undercode Say:

Check installed version
cargo tree | grep grid
Confirm vulnerable version
grep '^version = "1.0.0"' Cargo.lock
Test with Miri (nightly)
cargo +nightly miri test
Run proof-of-concept
cargo run --release
// PoC (safe code triggering UB)
![forbid(unsafe_code)]
use grid::Grid;
fn main() {
let mut g = Grid::from_vec(vec![1u8, 2u8], 2);
g.expand_rows(usize::MAX / 2);
g.get(0, 0);
}

Exploit:

No public exploit is required; the issue is triggered by safe Rust code with a single call to `expand_rows()` using a large row count that causes overflow, as shown in the PoC.

Protection from this CVE:

Update to a patched version. Vulnerability is fixed in grid version 1.1.0 or later. Before updating, manually validate row counts to prevent overflow in the vulnerable 1.0.0 version.

Impact:

  • Invalid unchecked access (get_unchecked) via safe API
  • Crash / denial of service in release builds (SIGSEGV, illegal instruction)
  • Violates Rust’s safety guarantees when using only safe code

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top