The CVE-2025-12345 vulnerability in Rust's `fast_id_map` crate arises from insufficient bounds checking in `FastMap::get()`. The function does not validate its `index` parameter, so an out-of-range value leads to out-of-bounds memory access. An attacker can exploit this flaw to read uninitialized memory or cause a denial of service (DoS) by triggering undefined behavior. Because `fast_id_map` is unmaintained, no official patch exists, which increases the risk for dependent projects.
The issue stems from unsafe Rust code in which `Vec::get_unchecked()` is called without first validating the index. When an invalid index is passed, the call may dereference an arbitrary memory location. This violates Rust's memory safety guarantees and leaves applications open to crashes or data leaks.
DailyCVE Form:
Platform: Rust
Version: Unmaintained
Vulnerability: Bounds bypass
Severity: Moderate
Date: May 8, 2025
What Undercode Say:
Exploitation:
1. Craft malicious input to `FastMap::get()`.
2. Trigger out-of-bounds read via invalid index.
3. Leak memory or crash the application.
Protection:
1. Replace `fast_id_map` with maintained alternatives.
2. Manually audit unsafe Rust code.
3. Use `get()` instead of `get_unchecked()`.
Analytics:
- Affects projects using fast_id_map <= 0.1.0.
- No CVSS score assigned yet.
- GitHub Advisory ID: GHSA-xxxx-xxxx-xxxx.
Commands:
cargo audit
cargo update -p fast_id_map
Code Fix:
// Replace unsafe:
// let val = unsafe { self.data.get_unchecked(index) };
// With:
let val = self.data.get(index).unwrap_or_else(|| panic!("Bounds check failed"));
Mitigation Script:
grep -r "fast_id_map" ./src
Unsafe Pattern:
// Vulnerable code:
pub fn get(&self, index: usize) -> &T {
    unsafe { self.data.get_unchecked(index) }
}
Safe Alternative:
pub fn get(&self, index: usize) -> Option<&T> {
    self.data.get(index)
}
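The following is an added example, not code from the `fast_id_map` crate or from the advisory above: a minimal index-keyed map (the type `IdMap` and its methods `insert`, `get`, `get_or_panic` and `get_unchecked_guarded` are assumed names for illustration) that keeps the bounds check on every access path. It shows the three defensive options the Protection list and Code Fix point at: a checked accessor returning `Option`, a panicking accessor whose failure is defined behavior rather than undefined, and, for code that must keep `get_unchecked`, a guard that establishes the index invariant immediately before the unsafe call and documents it in a `SAFETY` comment so an audit can verify it.

```rust
// Added example (not code from the fast_id_map crate): an index-keyed map
// whose accessors never reach Vec::get_unchecked with an unvalidated index.
// All names here are assumptions for illustration.

/// Slot `i` holds the value with id `i`, or `None` if that id is unset.
pub struct IdMap<T> {
    data: Vec<Option<T>>,
}

impl<T> IdMap<T> {
    pub fn new() -> Self {
        IdMap { data: Vec::new() }
    }

    /// Stores `value` under `id`, growing the backing vector as needed.
    pub fn insert(&mut self, id: usize, value: T) {
        if id >= self.data.len() {
            self.data.resize_with(id + 1, || None);
        }
        self.data[id] = Some(value);
    }

    /// Checked accessor: `Vec::get` performs the bounds check, so an id past
    /// the end of the vector yields `None` instead of an out-of-bounds read.
    pub fn get(&self, id: usize) -> Option<&T> {
        self.data.get(id).and_then(|slot| slot.as_ref())
    }

    /// Panicking variant for callers that treat a missing id as a bug.
    /// A panic is defined, catchable behavior; an unchecked read of an
    /// invalid index is undefined behavior.
    pub fn get_or_panic(&self, id: usize) -> &T {
        self.get(id).expect("IdMap: id out of bounds or unset")
    }

    /// If unsafe indexing must stay (e.g. a measured hot path), the invariant
    /// is established right before the call and recorded for auditors.
    pub fn get_unchecked_guarded(&self, id: usize) -> Option<&T> {
        if id < self.data.len() {
            // SAFETY: `id < self.data.len()` was verified on the line above,
            // so the index is within the initialized part of the vector.
            unsafe { self.data.get_unchecked(id) }.as_ref()
        } else {
            None
        }
    }
}

fn main() {
    let mut m = IdMap::new();
    m.insert(3, "c");
    println!("get(3)   = {:?}", m.get(3));   // Some("c")
    println!("get(99)  = {:?}", m.get(99));  // None, not an OOB read
    println!("guarded  = {:?}", m.get_unchecked_guarded(99)); // None
}
```

The checked `get` is the drop-in replacement the Code Fix section describes; `get_or_panic` matches the `unwrap_or_else(|| panic!(..))` form there. The guarded variant exists only to show what an auditable unsafe block looks like: the `SAFETY` comment must state an invariant that the code immediately above actually enforces.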
Sources:
Reported By: github.com
Extra Source Hub:
Undercode